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Virtualization  dominates  Interop  Vi!  |  d  *  l  •  j  Q 

Interop  attendees  were  told  to 

warily  embrace  virtualization  as  the  Wall  Street  financial 
crisis  unfolded  just  blocks  away.  Page  12. 


Financial  crisis  foretells  end  of  an  era  in  Wall  Street  IT 

Wall  Street's  meltdown  promises  to  forever  change  the  way- 
information  technology  spending  is  handled.  Page  14. 


NmWRKMM. 


Putting  WiMAX 


Maximize  your  return  on  IT  ■  www.networkworld.com 


September  22,  2008  ■  Volume  25,  Number  37 


to  the  test 

Maryland  project  will 
develop  applications 
for  student,  public 
safety  use.  Page  15. 


VMware 
targets 
the  cloud 


SPECIAL  FOCUS 

Experts:  App 
support  key 
in  IP  PBXs 


Enterprises 
want  Google-like 
cloud  computing, 
CEO  Paul  Maritz 
says  at  VMworld. 
Page  20. 


All  eyes  on  HP-EDS 
integration 

Huge  job  cuts 
announced  as  HP 
revamps  business 
services  focus. 

Page  22. 

Preppingfora 

pandemic 

FCC  panel  highlights 
telco,  ISP  game 
plans.  Page  22. 


Attack  of  the 
Verizon  robo-caller 

Net  Buzz  columnist 
Paul  McNamara 
details  his  family's 
torment.  Page  46. 


BY  TIM  GREENE 

The  promise  that  IP  PBXs  will 
help  customers  move  beyond 
simple  voice  and  data  integra¬ 
tion  sounds  good,  but  the  reality 
is  proving  to  be  a  lot  more  com¬ 
plex  with  the  emergence  of  uni¬ 
fied  communications. 

Age-old  issues  such  as  the  lack 
of  multivendor  interoperability 
and  standards  implementation 
differences  can  snarl  UC  integra¬ 
tion  with  IP  PBX  platforms  ex¬ 
perts  warn. 

“You  need  to  think  of  an  IP  PBX 
as  another  data  center  server. 
How  will  it  work  with  database 
servers,  with  CRM  and  ERP  appli¬ 
cations?  Look  at  it  as  part  of  a 
larger  IT  infrastructure  puzzle,” 
says  Phil  Hochmuth,  an  analyst 
with  the  Yankee  Group. 

In  particular  that  means  think¬ 
ing  about  checking  out  Session 
Initiation  Protocol  (SIP)  sup¬ 
port,  which  is  not  necessarily 
the  signaling  protocol  used  by 
the  top  IP  PBX  vendors  today, 
Hochmuth  says. 

The  vendors  are  all  moving  to 
SIP  however,  and  are  trying  to 
make  their  implementations  of 
SIP  interoperable  with  those  of 
other  vendors.  For  instance, 
See  IP  PBX,  page  18 
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Feds  seen  leading  way 
on  better  DNS  security 

Mandated  rollout  throughout  .gov  called  crucial 
catalyst  for  adoption  by  private  industry 


BY  CAROLYN  DUFFY  MARSAN 

When  you  file  your  taxes  online  you  want 
to  be  sure  the  Web  site  you  visit  — 
www.irs.gov  —  is  operated  by  the  Internal 
Revenue  Service  and  not  a  scam  artist.  By 
the  end  of  next  year  you  can  be  confident 
that  every  U.S.  government  Web  page  is 
being  served  up  by  the  appropriate  agency. 

That’s  because  the  feds  have  launched 
the  largest-ever  rollout  of  a  new  authenti¬ 
cation  mechanism  for  the  Internets  DNS. 
All  federal  agencies  are  deploying  DNS 
Security  Extensions  (DNSSEC)  on  the  .gov 
top-level  domain,  and  some  say  once  the 


rollout  is  complete,  banks  and  other  busi¬ 
nesses  might  follow  suit. 

DNSSEC  prevents  hackers  from  hijacking 
Web  traffic  and  redirecting  it  to  bogus  sites. 
The  Internet  standard  prevents  spoofing 
attacks  by  allowing  Web  sites  to  verify  their 
domain  names  and  corresponding  IP  ad¬ 
dresses  using  digital  signatures  and  public- 
key  encryption. 

With  DNSSEC  deployed,  federal  Web  sites 
“are  less  prone  to  be  hacked  into,  and  it 
means  they  can  offer  their  services  with 
greater  assurances  to  the  public,”  says 

See  DNS,  page  16 
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14  management  features 
every  WLAN  vendor 
should  be  providing 
today.  PAGE  33 

Six  features  customers 
should  be  asking  ven¬ 
dors  to  offer.  PAGE  36 

lETWORKWORLD  Airwave  provides 
EESSffl  ®  multivendor 
TEST  WLAN  monitor- 
I  ~  ing.  PAGE  38  1 


IIHI 


^Business  Machines  Corporation,  registered  in  inar.y  jurisdictions 
trace  .Shtml.  ©2008  IBM  Corporation  Aii  rights  reserved. 


Running  business  apps  on  servers  that  aren’t  scalable,  along  with  business  growth  and 
demanding  service  levels,  is  consuming  energy  at  an  exponential  rate.  Upgrading  your  IT 
environment  with  IBM  can  help  you  break  this  cycle  with  highly  scalable,  easy-to-manage 
servers.  And  with  IBM  PowerVM™  virtualization  technology,  you  can  consolidate  workloads 
from  twelve  single-application  16-core  HP  Integrity  rx7640  systems  onto  two  16-core 
Power™  570  systems,  for  up  to  18%  higher  performance  and  reduced  energy  requirements  of 
up  to  44%1  A  greener  world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Learn  about  managing  application  environment  growth  at  ibm.com/green/performance 


For  complete  details,  go  to  ibm  com/grecn/claim,  IBM.  the  IBM  logo,  ibm.com,  PowerVM  and  IBM  Power  570-are  trademarks  of  Internation; 
worldwyle  A  current  list  ot  IBM  trademarks  is  available  oh  the  Web  aj  "Copyright  and  trademaik  informatkj}’  atwww  ibm  com/legal/jppy 
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With  a  perfect  sighttine  to  your  entire  IT  portfolio  of  assets,  services,  resources  and  projects,  it’s  easy  to  be  right  about  a  lot. 
CA’s  approach  to  supporting  IT  governance  empowers  you  to  make  decisions,  investments  and  trade-offs  that  are  spot  on. 
The  truth  is,  people  are  drawn  to  that  kind  of  business  savvy.  But  not  to  worry,  you'll  get  used  to  all  the  attention.  Eventually. 
To  learn  more,  download  the  latest  white  paper  at  ca.com/itg. 
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Register  at  caworld.com 
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NETWORK  INFRASTRUCTURE 

12  Interop  focuses  on  virtualization 
technology. 

14  Financial  crisis  signal  end  of  era. 

20  VMware  touts  ‘the  cloud’  at  VMworld. 
22  All  eyes  on  HP-EDS  services  plans. 

25  Opinion  Andreas  Antonopoulos: 

Privacy,  security  issues  darken  cloud 
computing. 

44  Knee-jerk  compliance  not  the  answer. 

46  Opinion  BackSpin:  Food,  vampires 
and  IT. 

SERVICE  PROVIDERS 

15  WiMAX  lab  to  tap  student  creativity. 
22  Telcos,  ISPs  prep  for  pandemics. 

24  Opinion  Johna  Till  Johnson:  Is 

green  real?  ...  As  real  as  your  bottom  line. 

46  Opinion  ‘Net  Buzz:  Verizon  robo- 
caller  torments  my  family. 

TECH  UPDATE 

28  Making  role  management  work. 


Surge  Protector  makes  a  good  travel¬ 
ing  companion.  See  Cool  Tools,  page  32. 
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GOODBADUGLY 


Trillions  of  reasons  to  be  upbeat 
about  telecom 

Sure,  we've  had  our  fill  of  bad  financial 
news  recently,  but  here’s  one  nugget  to 
reassure  those  in  telecom:  Global  tele¬ 
com  revenue  will  reach  $2  trillion  by  the 
end  of  2008,  an  increase  of  7.6%  over 
telecom  revenue  in  2007,  Gartner  says. 

U.S.  looking  in  rearview  mirror 

The  U.S.  has  the  world’s  best  environ¬ 
ment  fora  competitive  IT  industry,  but 
other  countries,  including  Taiwan, 
Sweden  and  Denmark  are  quickly 
catching  up,  says  a  study  sponsored  by 
the  Business  Software  Alliance.The 
U.S.  retains  its  No.  1  ranking  from  a 
year  ago,  and  it  continues  to  rank  in  the 
top  five  in  all  six  categories  that  the 
Economist  Intelligence  Unit  used  to 
evaluate  countries’  IT  environments. 

But  the  U.S.  broadband  infrastructure, 
including  broadband  penetration,  ranks 
behind  many  countries  in  Western 
Europe  and  East  Asia,  and  the  U.S.  is 
facing  a  shortage  of  skilled  tech  work¬ 
ers,  the  study  said. 


Pitying  Brad  Pitt 

Brad  Pitt  topped  the  list  of  stars  whose 
names  are  being  most  exploited  across 
the  Web  to  lure  unwary 
fans  into  downloading 
wallpaper  and  screen¬ 
saver  software  that’s 
really  malware  in  disguise, 
according  to  McAfee. 

Last  year's  No.  1  lure, 

Paris  Hilton,  didn't 
even  crack  the  top  15 
this  time  around. 
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P  *LL 

A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


Hacking  into  Sarah  Palin’s  e-mail  is . . . 


We  don't  know 
enough  yet  13%  -1 


36% - 

Justified 
given  the 
circumstances 


Wrong  under  any 
circumstances  51% 


Total  voters  for  this  poll:  2,532 

Vote  and  discuss:  www.nwdocfinder.com/6732 


PEERSAY 


Breaking  into  a  candidate’s 
mailbox 

Re:  Palin’s  private  email  hacked,  posted  to 
‘Net  (www.nwdocfinder.com/6723): 

I  wonder  if  they  will  be  as  “prudent”  to  dig 
into  the  emails  of  the  Democratic  Party’s  pres¬ 
idential  nominees  and  their  spouses  when  try¬ 
ing  to  dig  up  dirt? 

Posting  items  with¬ 
out  consent  of  the 
postees  is  tanta¬ 
mount  to  breaking 
the  laws  of  the  land 
regarding  private 
communications 
and  computing. 

Boasting  of  such  is 
about  as  dumb  as  it 
gets. 

When  this  hap¬ 
pened  to  us  a  few  years  ago,  we  had  the  e-mail 
logs  sent  to  a  federal  judge  for  review. We  noti¬ 
fied  the  offendee  what  we  did  and  it  stopped. 

Robert  Pritchett 

Discuss  at  www.nwdocfinder.com/6723 

Cloud  cover 

Re:  Cloud  computing  may  draw  government 
action  (www.nwdocfinder.com/6724): 

This  sounds  a  lot  like  Hollywood  entertain¬ 
ment  ratings  for  movies,  music  and  video 
games.  If  the  industry  (can  we  call  it  that  yet) 
doesn’t  start  policing  itself  with  privacy  and 
data  protection  policies  then  the  government 
may  step  in  and  screw  it  up.  Witness  what  hap¬ 
pened  with  the  credit  card  industry  and  PCI 
compliance. The  card  associations  stepped  in 
quickly  after  the  TJMaxx  fiasco  and  started  the 
PCI  DSS  Compliance  initiative.That  was  smart. 
Governance  around  online  information  hasn’t 
been  such  a  big  issue  with  services  like  AOL 
and  photo  sharing  sites  in  the  past.  But  when 
we  all  start  storing  spreadsheets  and  other 
more  sensitive  information  in  clouds  like  the 
logs  from  our  servers  and  applications  it  will 
be  a  much  bigger  deal. 

Michael  Baum 

Discuss  at  www.nwdocfinder.com/6725 


How  the  profit  motive  can 
improve  open  source 

Re:  The  many  faces  of  open  source  DBMS 
(www.nwdocfinder.com/6726): 

A  for-profit  company  with  real  revenues  can 
hire  developers  to  improve  the  open  source 
database  (contributing  their  work  back  to  the 

open  source  commu¬ 
nity).  Even  better,  they 
can  hire  the  top  de¬ 
velopers  of  the  open 
source  database. 

For  a  long  time, 
Python  was  main¬ 
tained  primarily  by 
Python  Labs,  which 
was  a  part  of  the 
Zope  company, 
which  depended 
heavily  on  Python. 
Six  developers  (including  Jeremy  Hylton) 
were  paid  by  Zope  to  work  half-time  on  main¬ 
taining  Python,  and  they  were  the  core  main- 
tainers,  with  (I  think)  about  28  open  source 
contributors  outside  of  Python  Labs. 

Many  open  source  projects/products  that 
get  to  be  really  good  and  popular  end  up 
being  supported  by  companies,  with  the  most 
obvious  case  being  Linux  (e.g.IBM). 

Daniel  Weinreb 

Discuss  at  www.nwdocfinder.com/6726 

Nobody  will  buy  a  product 
they  don’t  know  about 

Re:  Lenovo  halts  online  sales  of  Linux-based 
PCs  (www.nwdocfinder.com/6727): 

1  just  bought  a  Lenovo.  After  I  received  it,  I 
wiped  out  Windows  and  put  Linux  Ubuntu  in 
the  entire  hard  drive. 

Had  I  known  that  Lenovo  was  installing 
Linux  on  their  laptops, it  would  have  saved  me 
a  lot  of  time  and  effort  (not  to  mention  saving 
on  the  “Windows  Tax”). 

Lenovo,  please  do  a  better  job  marketing  in 
the  future.  Shame  on  you. 

Edgar  Hilton 

Discuss  at  www.nwdocfinder.com/6728 


**Many  open  source  pro¬ 
jects/products  that  get  to  be 
really  good  and  popular  end 
up  being  supported  by  compa¬ 
nies,  with  the  most  obvious 
case  being  Linux  (e.g.  IBM).5* 
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IPv6  to  the  home 

Re:  Experts  make  a  solid  business  case  for 
IPv6  (www.nwdocfinder.com/6729): 

It  is  unclear  if  the  support  in  the  home  gate¬ 
ways  was  the  gating  factor  for  service  pro¬ 
viders  to  offer  IPv6  services.  It  is  the  eternal 
IPv6  story  of  some  chicken  and  some  egg. 
While  taking  the  strategic  perspective  on  IPv6, 
manufacturers  prioritize  based  on  market 
demand  as  well.  In  the  case  of  Linksys,  official 
IPv6  support  will  be  available  shortly. 

Ciprian  Fbpouiciu 

Discuss  at  www.nwdocfinder.com/6730 
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Making  IT  work  as  one.  It's  what  sets  us  apart, 

At  Novell,  we're  taking  interoperability  to  a  whole  new  level.  We  believe  every  person,  every 
partner  and  every  piece  of  your  mixed-IT  world  should  work  as  one,  Our  Enterprise  Linux, 
Security  and  Identity  Management,  Systems  Management  and  Collaboration  solutions 
easily  integrate  with  just  about  any  IT  infrastructure.  So  you  can  lower  cost,  complexity  and 
risk  on  virtually  any  platform  and  make  your  IT  work  as  one. 
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Copyright  f:  2008  Novell  Inc.  All  rights  reserved.  Novell  and  the  Novell  logri  are  registered  trademarks 
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B  Seagate:  Put  500GB  of  "eruoyment"  in 

your  pocket.  Keith  Shaw  writes  in  his  Cool 
Tools  Happy  Blog,  "Seagate  this  week 
announced  its  Fall  2008  lineup  of  FreeAgent 
external  hard  drives.  The  mobile  line  of 
FreeAgent  Go  devices  now  reaches  up  to 
500GB  of  capacity  for  storing  your  music, 
photos,  videos  and  even  boring  things  like 
PowerPoint  presentations.  The  FreeAgent 
Go  measures  only  12.5  mm,  but  still  includes 
shock  and  vibration  protection,  so  if  the  drive 
accidentally  drops  to  the  floor  your  data 
should  still  be  safe. ...  Seagate  says  its  goal 
with  the  new  devices  will  be  about  getting 
consumers  to  understand  that  digital  content 
isn't  mean  to  just  be  stored,  but  to  be 
enjoyed."  www.nwdocfinder.com/6736 

B  Selecting  a  router  for  your  home  lab. 

Dennis  Hartmann  writes  in  his  Cisco  Unified 
Communications  blog  that  there  are  a  lot  of 
router  hardware  options  for  a  home  lab  that 
functions  as  a  gateway  for  Cisco  Unified 
Communications  Manager  Express.  "If  you 
plan  on  running  CUCME,  you  will  need  to  buy 
at  least  a  2610  XM  router.The  2600  XM  series 
routers  allow  larger  capacities  of  Flash  and 
DRAM  than  the  non-XM  variants.  The  2600 
XM  series  routers  are  selling  on  eBay  very 
cheap.  Unfortunately,  the  2600  XM  routers  do 
not  supported  the  CUCME  4.3/7.0.  The  2600 
XM  router  does  support  CUCME  4.0  and  if 
you're  on  a  tight  budget,  I  recommend  it.  If 
money  is  not  as  tight,  purchase  one  of  Cisco's 
Integrated  Services  Routers  (ISR).The  2801 
ISR  router  is  the  cheapest  in  the  ISR  family, 
but  it  should  give  you  most  of  the  flexibility 
you  need  for  a  smaller  home  based  lab  and 
should  set  you  back  about  $1,000." 
www.nwdocfinder.com/6737 

fl  Outsourcing  trends  concern  stu¬ 
dents  considering  careers  in  IT.  Denise 
Dubie  writes  in  her  Management  Maven  blog, 
"U.S.  high  school  students  polled  by  the 
Washington  Alliance  of  Technology  Workers 
say  the  current  trend  in  outsourcing  Ameri¬ 
can  high-tech  jobs  makes  them  wary  of  tak¬ 
ing  a  computer-related  career  path.  Wash- 
Tech  News  wrote  students  entering  college 
worry  that  studying  IT  or  other  computer  sci¬ 
ence-related  courses  might  be  a  waste  of 
their  time  —  if  they  lose  their  jobs  to  out¬ 
sourcing  in  the  future.  For  instance,  Rogan 
Kriedt,  17,  a  student  at  Pacific  Collegiate  in 
Santa  Cruz,  Calif.,  said:  'I  like  Math  a  lot  but 
after  I  saw  the  rapid  pace  of  American  IT 
jobs  outsourced,  I  decided  to  not  choose 
Computer  Science  or  IT.  I  am  choosing 
Economics.  Outsourcing  worries  me  and  I 
feel  powerless  to  do  anything  about  it.'" 
www.nwdocfinder.com/6738 


Actor  Ashton 
Kutcher  talks  tech 

Kutcher  talks  about  his 
interest  in  tech  and  his 
new  start-up,  Blah 
Girls. 

www.nwdocfinder.com/6742 
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Casio’s  camera 
offers  fast  shooting 

Casio  is  following  its  FI 
digital  camera  with  the 
High  Speed  Exilim  FH- 
20,  which  is  more  com¬ 
pact,  offers  a  higher 
resolution  and  is  less 
expensive. 

www.nwdocfinder.com/6743 


Fuel  cell  for  mobile 
devices 

A  fuel  cell  for  users 
who  are  on  the  go  and 
can't  stop  to  power  up 
their  devices. 

www.nwdocfinder.com/6744 
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Management  vendors  continue 
to  drop  the  V  word 


Network  management:  It's  not  enough  to 
talk  about  virtualization  any  more;  manage¬ 
ment  vendors  are  lining  up  to  show  their  sup¬ 
port  for  the  technology  from  VMware, 
Microsoft,  Citrix  and  anyone  else  planning  to 
make  their  name  with  virtual  technologies. 
Management  software  makers  such  as  new¬ 
comer  BlueStripe  Software  announced  their 
plans  to  make  easier  managing  system  and 
application  components  in  virtual  environ¬ 
ments.  Companies  such  as  Embotics  and 
VKernel  have  made  available  free  tools  for  dif¬ 
ferent  management  tasks  involving  virtual 
machines.  And  last  week  companies  such  as 
Integrien  and  Splunk  showed  some  14,000 
VMworld  attendees  how  they  have  separately 
updated  their  product  portfolios  with 
VMware-specific  capabilities.  And  VKernel 
not  only  showcased  its  free  SearchMyVM 
application,  but  also  introduced  show  atten¬ 
dees  to  its  VKernel  Modeler  tool.  A  newcomer 
to  virtualization  management  space, 
Glasshouse  Technologies,  introduced  its  suite 
of  managed  infrastructure  services.  For  its 
part,  Integrien  added  new  analytics  and 
VMware-specific  visualizations  to  its  flagship 
Alive  software.  Splunk  created  a  free  add-on  to 
its  Splunk  Server  software  called  Splunk  for 


VMware  that  Integrates  with  VMware  manage¬ 
ment  APIs  to  provide  insight  into  perfor¬ 
mance  metrics  and  configuration  data  of  vir¬ 
tual  machine  deployments.  And  VKernel 
Modeler  enables  IT  administrators  to  post 
'what  if  scenarios  and  see  the  hypothetical 
results,  which  helps  them  plan  for  capacity 
based  on  existing  and  potential  resources  to 
meet  performance  demands.  GlassHouse 
Technologies  says  its  managed  services  offer¬ 
ing  will  monitor  the  performance  of  servers, 
storage,  network  and  any  components  that 
surround  the  virtualization  layer. 
www.nwdocfinder.com/6733 

IT  careers:  SAP  skills  are  continuing  their 
meteoric  rise  in  value,  but  the  latest  research 
shows  numerous  other  skills  boosting  the  pay- 
checks  of  IT  workers.  Non-certified  skills  in  uni¬ 
fied  messaging,  wireless  networking,  PHPXML, 
Oracle  applications,  business  intelligence  and 
network  security  all  rose  in  value  significantly 
during  the  first  half  of  2008,  according  to  Foote 
Partners,  a  provider  of  research  on  IT  career 
trends.  If  you  look  at  the  past  12  months, skills 
in  AJAX  and  storage-area  networking  can  be 
added  to  the  list  of  skills  rising  in  value. 
www.nwdocfinder.com/6734 
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If  you  think  losing  your  data  is  the  worst  thing  that 
can  happen  today,  wait  until  you  tell  your  boss. 


SonicWALL®  Network 
Security  Appliance  2400 

•  Multi-core  hardware  design  and  Patented 
Reassembly-free  Deep  Packet  Inspection 
(RFDPI)  technology  with  6GbE  interfaces 

•  Offers  high-quality  threat  prevention,  rapid 
deployment  and  lowered  TCO 

•  Combines  high-speed  intrusion  prevention, 
file  and  content  inspection  and  powerful 
application  firewall  capabilities  with  an 
extensive  array  of  advanced  network  and 
configuration  flexibility  features 


$2494 

CDW 1464508 
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WatchGuard®  Trade  Up 
Firebox  X750e  Bundle1 

•  VPN  endpoint  and  firewall  security  appliance 
designed  for  comprehensive  protection,  including 
proactive  true  zero-day  attack  prevention 

•  8-port  1 0/1 00BASE-TX;  firewall  throughput 
300+Mbps 

•  Bundle  includes  appliance,  one-year  subscription 
to  Gateway  AntiVirus/Intrusion  Prevention 
Service  with  antispyware,  spamBlocker, 
WebBlocker  and  extended  hardware  warranty, 
threat  alerts  and  technical  support 


(V\^)atchGuard  $219999 

CDW  1249253 


Symantec™  Endpoint  Protection  11.0 

•  Combines  Symantec  AntiVirus""  with  advanced 
threat  prevention  in  a  single  agent,  delivering  an 
unmatched  defense  against  malware  for  notebooks, 
desktops  and  servers 

•  Seamlessly  integrates  essential  security  technologies 
in  a  single  agent  that  is  administered  via  a  single 
management  console,  increasing  protection  and 
helping  lower  total  cost  of  ownership 


100-249  user  license  with  1-year  Essential  Support2 
$32.99  CDW  1314200 


We're  there  with  the  security  solutions  you  need. 

Yes,  antivirus  does  protect  your  company's  data.  But  if  you  need  to  work  remotely,  antivirus  protection  no 
longer  cuts  it.  Just  ask  our  personal  account  managers.  They've  heard  their  share  of  data  security  horror 
stories,  but  you  can  rest  assured  they  can  provide  you  expert  advice  on  how  to  get  the  full  mobile  security 
you  need.  They  can  even  connect  you  to  a  highly  trained  technology  specialist  who  can  help  you  with 
anything  from  VPNs  and  data  encryption  to  wireless  security  management  and  custom  solutions.  So  call 
CDW  today  and  protect  your  network  before  you  become  a  data  security  story  for  someone  else. 

CDW.com  |  800.399.4CDW 

~~m~r  nrr~  “irnir  w ~-irr . — iminrT"  ; . . ~wi  — t — ft ~‘'"y  "  ms;: •  •  $0 

’An  existing  eligible  device  is  required  in  order  to  activate  this  product;  call  your  CDW  account  manager  for  details.  Essential  Support  includes  24x7  technical  phone 
support  and  upgrade  insurance;  call  your  CDW  account  manager  for  details.  Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com. 

©2008  CDW  Corporation 
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Follow  these  links  to  more  resources  online 


Cisco  accelerates  data 
center  push 

Cisco  last  week  launched  several  products  designed  to  expand  the  capabilities 
of  its  switches  and  routers  in  further  virtualizing  data  center  systems  and 
processes.The  broadened  lineup  includes  virtual  machine  switching  software 
called  VN-Link  that  comes  in  two  flavors:  Nexus  1000Y  which  is  a  software-only  ver¬ 
sion  for  multivendor  servers;  and  hardware  embedded  into  Ciscos  Nexus  5000  data 
center  switch.  Other  additions  include  storage-area  network  switching  modules 
and  operating  system  enhancements,  as  well  as  extensions  to  its  WAN  application 
acceleration  portfolio.  The  enhancements  to  Cisco’s  Wide  Area  Applications 
Services  appliance  include  new  platforms  with  blades  that  feature  desktop  virtual¬ 
ization  capabilities.  The  products  underscore  Cisco’s  intention  to  assume  more 
general  and  overall  IT  functions  within  compute-intensive  data  centers  beyond  its 
traditional  switching  and  routing  role.www.nwdocfinder.com/6745 

Google  floats  data  center  idea.  Google, 
which  has  been  building  out  its  data  center 
inventory  for  the  past  few  years,  is  literally 
floating  its  latest  idea  for  the  location  of  such 
facilities  at  the  U.S.  Patent  Office.The  company 
filed  a  patent  application  for  a  “water-based 
data  center”  detailing  a  floating  data  center, 
complete  with  an  energy  supply  fed  by  a 
wave-powered  generator  system,  and  a  wind- 
powered  cooling  system  using  sea  water. The 
patent  application,  published  Aug.  28, 
describes  a  modular  setup  that  calls  for  “crane 
removable  modules”  that  store  racks  of  com- 
puters.The  modules  would  facilitate  adding, 
subtracting  and  moving  the  computing 
power. The  patent  application  also  details  tap¬ 
ping  waves  and  water  motion  to  generate 
power  and  the  ability  to  configure  the  system 
in  different  ways,  including  on-ship  and  on¬ 
shore  data  centers,  various  cooling  mecha¬ 
nisms,  backup  systems  and  even  temporary 
housing  and  helicopter  pads  to  support  IT 
maintenance  staff. 
www.nwdocfinder.com/6746 

Apple  finally  fixes  important  DNS  bug. 

Apple  has  released  a  security  update  for  its 
Mac  OS  X  operating  system,  fixing  a  critical 
Internet  security  flaw  that  the  company  had 
failed  to  properly  patch  in  late  July  The  Mac 
OS  X  v  10.5.5  security  update  released  last 
week  fixes  security  bugs  in  Apple’s  software  as 
well  as  several  open  source  components  that 
ship  with  the  operating  system.  In  all,  more 
than  25  bugs  have  been  patched.  But  the 
Internet  flaw,  which  has  to  do  with  the  DNS,  is 
the  most  widely  publicized  issue.  Apple,  like 
many  other  operating-system  vendors,  was 
forced  to  patch  its  DNS  software  after  security 
researcher  Dan  Kaminsky  discovered  a  funda¬ 
mental  bug  in  the  way  this  type  of  software  is 
built.  On  July  31, Apple  had  attempted  to 
patch  the  flaw  in  Mac  OS  X,but  security 
experts  quickly  discovered  that  while  Apple’s 
bug  fix  worked  on  the  server  side,  it  did  not  fix 


the  issue  on  the  client  software. 

www.nwdocfinder.com/6749 

IBM  set  to  roll  Notes  hosting  service. 

IBM  plans  to  crank  up  its  first-ever  Notes  host¬ 
ing  service  that  will  cater  to  companies  with 
1,000  to  10,000  users.  IBM’s  Notes  hosting  ser¬ 
vice  will  offer  Notes  at  a  price  of  $8  to  $18  per 
seat  per  month,  said  Bob  Picciano,the  general 
manager  of  Lotus  Software.  He  said  IBM  will 
offer  hosting  of  “messaging  and  advanced  col¬ 
laboration  environments”  but  did  not  elabo¬ 
rate.  IBM  has  a  number  of  partners  that  host 
Notes  environments  for  users,  including  Blue 
Sky  Hosting,  Domino  Developer  Network  and 
Prominic.Net.  But  IBM  has  never  had  a  formal 
hosting  service  around  Notes/Domino  for  cus¬ 
tomers.  What  have  been  offered  are  one-off, 
highly  customized  environments.This  new  ser¬ 
vice  will  be  opened  to  a  mass  audience. 
www.nwdocfinder.com/6747 

Intel’s  six-core  Dunnington  hits  the 
market.  Intel’s  latest  server  chips,  the  Xeon 
7400  series,  formerly  called  Dunnington,  are 
now  available  in  six-core  and  quad-core  mod¬ 
els  designed  to  be  used  in  systems  with  four 

or  more  processors.The  _ 

chip  line  offers  a  perfor¬ 
mance  bump  over  its 
predecessor,  the  Xeon 
7200  series,  Intel  said. 

Much  of  that  increase 
comes  from  adding  a 
16MB  level  3  cache.The 
7400  series  processors 
are  the  first  Xeon  chips 
to  use  a  level  3  cache, 
which  stores  data  closer  to  the  processor 
cores,  helping  to  boost  overall  performance. 
The  extra  cores  also  help.  Unlike  desktops  and 
laptops  that  rarely  run  applications  capable  of 
tapping  the  full  processing  power  of  quad- 
core  chips,  many  server  applications, such  as 
virtualization,  run  better  on  multicore  proces- 
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sors.  www.nwdocfinder.com/6748 

Cisco  buys  Jabber  for  instant  messag¬ 
ing.  Cisco  plans  to  buy  instant  messaging 
platform  vendor  Jabber,  a  move  that  could 
heighten  its  battle  with  Microsoft  over  the  col¬ 
laboration  and  office  communications  mar¬ 
ket. Terms  of  the  deal,  which  is  expected  to  be 
completed  in  the  first  half  of  Cisco’s  fiscal 
2009,  were  not  disclosed.  Jabber  has  devel¬ 
oped  a  “carrier-class”  platform  based  on  open 
standards  that  can  work  across  multiple  mes¬ 
saging  systems,  such  as  AOL  Instant 
Messenger,  Google  Talk, Yahoo  Messenger  and 
Office  Communications  Server.  Cisco  intends 
to  use  it  to  become  “the  interoperability 
benchmark  in  the  collaboration  space,”  said 
Doug  Dennerline,  Cisco  senior  vice  president. 
The  pending  Jabber  deal  comes  just  a  few 
weeks  after  Cisco  took  another  shot  across 
Microsoft’s  bow  by  announcing  plans  to  buy 
PostPath,  maker  of  e-mail  and  calendaring 
software  www.nwdocf inder.com/6750 

Oracle  results  beat  analysts’  expecta¬ 
tions.  Oracle  last  week  reported  first-quarter 
2009  revenue  was  $5.3  billion,  a  rise  of  18%, 
while  net  income  was  $1.1  billion,  a  28% 
increase  over  last  year.  Software  revenue  rose 
20%  to  $4.2  billion,  while  new  software  license 
sales  were  $1.2  billion,  an  increase  of  14%. 
Oracle  can  continue  to  post  strong  growth 
despite  the  turbulent  economy  for  a  couple  of 
reasons,  CEO  Larry  Ellison  said  during  a  con¬ 
ference  call. “The  license  renewal  business  ... 
is  about  half  of  our  business,”  he  said. “That’s 
an  extremely  high-margin  business  and  con¬ 
tinues  to  growl’ Oracle’s  dominance  in  certain 
key  products,  such  as  databases,  helps  sustain 
its  momentum,  Ellison  added.  Oracle’s  annual 
OpenWorld  user  conference  gets  underway 
this  week  in  San  Francisco. 
www.nwdocfinder.com/6751 

Net  management,  security  spending 
safe  from  IT  budget  cuts.  IT  spending 
on  network  performance  management  and 
security  technologies  could  weather  the 
current  U.S.  economic  storm,  according  to 
recent  survey  results  that  show  a  majority 
of  respondents  plan  to  increase  budgets  for 
the  two  IT  disciplines  in  2009.  While  indus¬ 
try  watchers  such  as  Goldman  Sachs  and 
Forrester  Research  adjust  their  spending 
estimates  down  for  the  coming  months,  a 
poll  of  100  attendees  at  last  week’s  Interop 
New  York  2008  conference  showed  certain 
technology  areas  will  be  spared  from  cuts. 
Interop  attendees  also  said  they  plan  to 
spend  more  on  virtualization  and  wireless 
LAN/WAN  in  2009.  Spending  on  WAN  opti¬ 
mization,  unified  communications,  change 
management  and  managed  services  is 
expected  to  remain  the  same  for  a  majority 
of  those  polled. 

www.nwdocfinder.com/6752 
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NEC’s  advanced  communications 
solutions  put  you  in  charge  when  it 
matters  most. 


Finally,  a  communications  solution  capable  of  providing  up-to-date  patient 
information  whenever  and  wherever  it  is  needed. 

NEC’s  Unified  Communications  provide  a  dynamic  and  realistic  connection  among 
individuals,  devices,  applications,  and  data.  Based  on  a  combination  of  innovative 
technologies  and  advanced  solutions,  its  mobility  and  flexibility  enables  people  to 
experience  greater  efficiency  and  productivity  -  in  any  industry. 

Integrated  IT  and  networking  solutions  like  these  have  made  NEC  a  world  leader, 
and  your  reliable  business  partner. 

Regardless  of  the  communications  solution  your  business  demands,  you  are 
assured  of  one  thing:  NEC.  Empowering  you  through  innovation. 

—  www.necus.com/necip 
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Interop  focuses  on 
virtualization  technology 


ii 


BY  TIM  GREENE  AND  JIM  DUFFY 

NEW  YORK  —  Users  need  to  warily  embrace 
virtualization  was  the  message  put  forth  by 
speakers  at  Interop  New  York,  where  attendees 
tried  to  sort  out  how  to  proceed  with  technol¬ 
ogy  investments  in  the  face  of  possible  IT  bud¬ 
get  cuts  prompted  by  the  Wall  Street  financial 
crisis  unfolding  just  blocks 
away  (see  story  on  page  14). 

Interop  shared  space  with 
Mobile  Business  Expo  in  an 
effort  to  bolster  both  events 
in  an  economy  where  trade 
show  attendance  is  flagging,  and  together 
they  hoped  to  draw  a  total  of  13,000  people 
over  the  course  of  the  four-day  event,  show 
officials  said. 

Interop  attendees  heard  that  cloud  comput¬ 
ing  will  help  companies  accomplish  more, 
but  new  security  threats  must  be  overcome  to 
fully  benefit  from  this  new  technology,  speak¬ 
ers  said. 

Virtualization  is  a  “chameleon  concept”  with 
one  common  denominator:  breaking  the  bond 
with  physical  reality  “so  you  can  do  more,” 
Marie  Hattar,vice  president  of  network  systems 
and  security  solutions  at  Cisco,  said  during  her 
keynote  address.  “It’s  one  asset  to  many,  or 
many  assets  to  one.” 

But  perhaps  the  most  critical  issue  is  the 
numerous  security  holes  opened  up  by  virtu¬ 
alization  and  cloud  computing.  “A  hypervisor 
needs  hypersecurity”  Hattar  said,  as  Cisco 
found  out  when  it  virtualized  its  own  servers. 
“We  have  to  rethink  our  security  approach  be¬ 
cause  when  we  virtualized,  it  increased  com¬ 
plexity.  In  cyberspace,  there  are  a  lot  more 
points  of  entry!’ 

She  stressed  that  companies  embarking  on 
virtualization  and  cloud  computing  need  to 
plan  copiously  for  operations,  management, 
control  and  security  of  the  new  infrastructure. 

Her  points  were  echoed  by  Novell  President 
and  CEO  Ron  Hovsepian,  who  said  companies 
need  to  overcome  challenges  such  as  reduced 
spending,  complex  management  and  risk  miti¬ 
gation  in  order  to  have  their  heterogeneous  IT 
assets  work  as  a  unified  system. 

Key  to  bringing  IT  assets  together  are  inject¬ 
ing  agility  into  the  data  center  through  virtual¬ 
ization;  enhancing  user  productivity  through 
collaboration  and  pinpoint  management  of 
enterprise  desktops;  and  implementing  and 
enforcing  companywide  IT  identity  and  secu¬ 
rity  policies  and  procedures  through  access 
and  compliance  management  strategies. 

While  Hovsepian  touted  the  benefits  virtual¬ 
ization  and  cloud  computing  can  bring  — 
improving  use  of  storage  arrays,  reducing 
power  consumption, streamlining  server  archi- 
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tecture  —  another  speaker  focused  on  the 
litany  of  new  risks  virtualization  comes  with. 

At  least  for  now,  virtual  servers,  the  hypervi¬ 
sors  that  oversee  them,  the  management  plat¬ 
forms  that  govern  them  and  the  IT  staff  that  sets 
them  up  and  runs  them  day  to  day  are  all 
potential  attack  vectors,  says  Joshua  Corman, 
principal  security  analyst 
for  IBM/ISS.  “Virtualization 
is  a  game  changer  for  good 
and  for  bad,”  he  said. 

IT  staffs  under  financial 
pressure  to  implement  vir¬ 
tual  servers  may  be  overworked  and  lose  the 
diligence  to  properly  plan  secure  deploy¬ 
ments,  Corman  said. “Virtualization  requires 
more  discipline  and  enforcement  of  policies 
than  before,”  he  said. 

Virtual  technology  presents  weak  spots  for 
attackers  to  take  advantage  of, Corman  said. In 
particular,  virtual  environments  are  a  “man¬ 
agement  nightmare”  where  each  virtual 
machine  may  spawn  another  that  could 
appear  virtually  anywhere.  This  makes  in¬ 
stances  of  servers  hard  to  find  let  alone  pro¬ 
tect,  he  says,  and  this  “server  sprawl”  can  lead  to 
catastrophic  failures,  he  said. 


Novell  CEO  Ron 
Hovsepian  said 
companies  are 
under  a  lot  of 
pressure  to  over¬ 
come  challenges 
such  as  reduced 
spending,  complex 
management  and 
risk  mitigation. 


Individual  virtual  machines,  called  guests, 
can  fall  into  vulnerable  configuration  due  to  a 
feature  of  virtualization  that  suspends  them 
when  they  are  not  used,  he  said.  When  the 
applications  these  guests  host  are  needed,  they 
are  brought  back  online,  but  in  the  meantime 
may  have  missed  critical  security  updates  and 
are  left  open  to  exploits. 

Hypervisors  that  oversee  virtual  servers  are 
designed  to  be  small  and  simple  to  make  them 
more  difficult  to  attack.  But  they  can  be  ex¬ 
ploited  according  to  publicly  announced 
research,  and  that  allows  unlimited  access  to 
all  the  virtual  machines  they  control,  Corman 
said.'Jf  they  get  into  the  hypervisor,  the  game  is 
over!’ he  said. 

While  grappling  with  the  rigors  of  virtual 
security,  show-goers  were  encouraged  to  em¬ 
brace  green  networking  principles,  if  not  for 

See  Interop,  page  44 
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Nortel  may  shed  metro 
Ethernet  unit 

Nortel  lowered  its  revenue  expectations  for 
the  third  quarter  last  week,  blaming  delays 
in  delivering  certain  products,  and  said  it 
will  consider  selling  its  metro  Ethernet  net¬ 
working  business.The  metro  Ethernet  busi¬ 
ness  is  in  need  of  consolidation,  and  selling 
the  division  will  provide  funds  for  further 
restructuring  to  cut  costs  and  maintain 
margins,  said  Nortel’s  President  and  CEO 
Mike  Zafirovski  in  a  conference  call.  Nortel 
will  continue  to  invest  in  R&D  of  metro 
Ethernet  products  while  it  looks  for  a  buyer, 
and  will  maintain  its  timetable  for  introduc¬ 
ing  new  products,  he  said.  Nortel  expects 
third-quarter  revenue  to  total  around  $2.3 
billion,  a  drop  from  $2.7  billion  in  the  third 
quarter  last  year.  Performance  for  the  rest 
of  the  year  will  also  be  lower  than  expected, 
Nortel  said,  as  carriers  are  cutting  their 
capital  expense  plans  and  some  enterprise 
customers  have  deferred  investments  in  IT 
and  optical  networks. 

IBM  launches  social  software 
think  tank 

IBM  is  opening  the  Center  for  Social 
Software,  a  think  tank  for  developing 
social  technologies,  officials  said  during  a 
presentation  at  the  Massachusetts 
Institute  ofTechnology  last  week. 
Researchers  from  IBM’s  labs  in  Cam¬ 
bridge,  Mass.;  New  York;  San  Jose;  Haifa, 
lsrael;Tokyo  and  Beijing,  as  well  as  offi¬ 
cials  from  various  business  units,  may  do 
stints  there,  IBM  said. The  global  scope 
will  allow  the  company  to  pull  various  cul¬ 
tural  perspectives  into  the  development  of 
social  software,  said  Irene  Greif,  IBM 
Fellow  and  center  director.  IBM  also  is 
planning  outreach  to  local  universities, 
internship  programs  and  “corporate  resi¬ 
dencies,"  where  private  companies  can 
send  development  teams  to  work  along¬ 
side  IBM  scientists  on  social-software 
projects. 

Amazon  testing  content 
delivery  Web  service 

Amazon  plans  by  year-end  to  expand  its 
roster  of  hosted  computing  services  for 
developers  with  a  content  delivery  network. 
The  goal  of  the  still  unnamed  service  is  to 
give  application  developers  a  vehicle  for  dis¬ 
tributing  public  Web  content  with  low  latency 
and  high  data  transfer  rates,  Amazon  an¬ 
nounced  via  its  Web  Services  blog. The  ser¬ 
vice  is  now  in  private  beta  testing. 
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right  gear. 


Your  business  is  demanding  more,  competition  got 
meaner  and  your  boss  just  informed  you  that  you 
have  less  resources. 

There’s  one  company  that  has  geared  its  networks 
solution  to  meet  the  needs  of  today’s  harsh 
business  reality... 


By  focusing  on  delivering  insight  and  control  from 
the  core  to  the  edge,  Extreme  Networks0  provides 
a  robust  solution  that  can  help  any  organization 
deal  with  the  problems  that  are  rampant  today 
— and  expected  tomorrow. 

Be  Extreme.  Your  CEO  will  do  a  wheelie. 
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NEWS  ANALYSIS 


Financial  crisis  signals  end  of  era 

Financial  collapse  brings  on  data  center  grab,  clash  of  cultures 


Wail  Street  in  turmoil 

Research  firmTABB  Group  predicts  a  steep  decline  in  technology-related 
spending  next  year  among  investment  banks  due  to  this  year’s  collapse  of 
Bear  Stearns,  Lehman  Brothers  and  ongoing  industry  mergers  during  the 
financial  crisis. 

Securities  industry  spending  on  IT  assets  and  staff 
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BY  ELLEN  MESSMER  AND  BRAD  REED 

Wall  Street’s  financial  meltdown  last  week 
promises  to  forever  change  the  way  IT  spend¬ 
ing  is  handled  in  the  securities  industry  as  the 
old  giants  of  the  capital  markets  stumble  and 
banking  behemoths  move  in  to  devour  them 
whole  or  in  part,  scooping  up  technology 
assets. 

Lehman  Brothers’  tumble  into  bankruptcy 
last  week  sparked  the  London-based  bank 
Barclays  to  pounce  on  two  Lehman  data  cen¬ 
ters  and  its  New  York  City  headquarters  build¬ 
ing  at  a  fire-sale  price.  Merrill  Lynch,  facing  its 
own  troubles,  agreed  to  be  acquired  by  Bank 
of  America  for  about  $50  billion  in  a  stock- 
swap  deal.  These  stunning  developments  sig¬ 
nal  a  new  era  in  which  more  often  banks  will 
be  in  control  of  IT  spending  for  securities  trad¬ 
ing  technology,  and  analysts  foresee  a  culture 
clash  coming. 

“Banking  tends  to  not  need  real-time  infor¬ 
mation  as  much  as  capital  markets,”  says  Sean 
O’Dowd, senior  analyst  at  Financial  Insights,  an 
IDG  company.  “Banks  do  batch  overnight. 
Capital  markets  do  millions  of  transactions 
processed  in  milliseconds.  It’s  a  different  type 
of  culture.” 

“It’s  the  cornerstone  of  what  the  next  genera¬ 
tion  of  this  industry  is  going  to  look  like,”  says 
Robert  Iati,  partner  at  TABB  Group,  a  research 
firm  that  closely  watches  the  North  American 
securities  industry 

And  changes  may  be  in  store  for  Wall  Street’s 
last  two  standing  investment  houses,  Morgan 
Stanley  and  Goldman  Sachs,  which  are  fighting 
the  most  severe  market  meltdown  since  the 
1930’s  because  of  the  credit  crunch. 

In  this  new  era,  banks  buttressed  by  their 
core  lending  will  be  taking  the  lead  as  “one- 
stop  shops,”  Iati  says,  with  Bank  of  America  pos¬ 
sibly  becoming  a  global  powerhouse  like 
Citibank,  UBS  or  JPMorgan. 

But  what  are  the  implications  for  jobs  and 
spending  on  IT  assets  in  the  securities  industry 
accustomed  to  lavishing  fabulous  sums  on 
ultra-fast  networks  to  compete  in  electronic 
trading,  where  today  even  a  nanosecond  may 
count? 

“Merrill  last  year  spent  between  $3.5  and  $4 
billion  on  people  and  technology’  Iati  says. 
“Lehman’s  outlay  was  $2.5  to  $3  billion.”  But 
TABB  Group,  largely  as  a  result  of  last  week’s 
events,  predicts  a  sharp  decline  in  IT-related 
spending  for  the  North  American  securities 
industry  from  $24.2  billion  last  year  to  $21.9  bil¬ 
lion  this  year  and  down  to  $17.6  billion  next 
year  (see  graphic). 

Employment  is  uncertain 

Jobs  are  uncertain  at  best  in  a  financial-ser¬ 
vices  world  facing  such  unprecedented 


upheaval, especially  where  securities  trading  is 
increasingly  automated,  with  brokers  less 
needed  than  in  the  past. 

Lehman  last  counted  about  26,200  employ¬ 
ees  worldwide.  Barclays,  the  London-based 
bank,  says  it’s  stepping  in  to  acquire  Lehman’s 
North  American  investment  banking  and  trad¬ 
ing  operations  for  $250  million,  as  well  as 
Lehman’s  two  data  centers  in  New  Jersey 
(where  a  New  York  Stock  Exchange  electronic 
hub  also  exists)  and  Lehman’s  New  York  head¬ 
quarters  for  $1.75  billion. This  is  seen  as  a  bar¬ 
gain-basement  price  for  a  firm  valued  last  year 
at  $10  billion. 

“This  is  a  once-in-a-lifetime  opportunity  for 
Barclays,”  said  Barclays  President  Robert 
Diamond  in  a  statement  issued  last  week, 
which  said  Barclays  expects  to  be  able  to 
hire  as  many  as  10,000  Lehman  employees. 
The  Barclays  deal,  subject  to  approval  of  a 
bankruptcy  court,  has  to  be  completed  by 
Sept.  24. 

O’Dowd  says  that  Lehman,  now  in  bank¬ 
ruptcy  faces  a  critical  period  in  which  it’s 
uncertain  whether  jobs  in  IT  or  business  divi¬ 
sions  will  exist. 

If  the  Bear  Stearns  collapse  is  any  guide, 
O’Dowd  says,  there  can  be  a  “great  loss  of  faith 
by  your  client  base  and  they’re  running  to  the 
door.  You’re  losing  business.  And  the  competi¬ 
tive  vultures  are  looking  to  pick  off  departing 
traders,  even  offering  them  sign-on  bonuses.” 
This  may  happen  to  IT  staff,  too,  but  it’s  clear 


Barclays  is  intent  on  gaining  Lehman’s  tech¬ 
nology  assets. 

While  analysts  often  use  the  word  “synergy”  to 
describe  the  Bank  of  America  bid  to  acquire 
Merrill  Lynch  because  the  business  lines  of 
these  two  companies  have  little  overlap,  the 
merger  is  expected  to  bring  some  friction  in 
culture  and  technology 

“At  Bank  of  America,  it’s  a  different  type  of 
culture,”  O’Dowd  says,  noting  Bank  of  America 
has  historically  been  inclined  to  do  more  soft¬ 
ware  applications  development  in-house, while 
Merrill  Lynch  will  more  readily  turn  to  outside 
vendors.  Banks  put  more  focus  on  batch-pro- 
cessing,  while  securities  trading  is  about  ultra¬ 
fast  network  speeds. 

A  Bank  of  America  spokesman  said  the  bank 
couldn’t  discuss  IT  operations  prior  to  the 
merger  with  Merrill  Lynch,  which  is  expected 
early  next  year. 

Iati  and  O’Dowd  don’t  see  how  there  won’t 
be  IT  job  losses  and  reduced  spending  at 
Merrill  Lynch  and  Lehman,  if  only  because  of 
some  technology  redundancies.  Other  analysts 
agree  somewhat  but  are  more  optimistic. 

Gartner  analyst  Ken  McGee  argues  that 
demand  for  IT  services  and  products  for  major 
financial  institutions  is  fairly  inelastic  because 
investment  in  technology  is  so  crucial  for 
remaining  competitive  and  for  keeping  data 
secure. 

“There  are  more  toys  on  trading  desks  per 

See  Wall  Street,  page  15 


14  •  SEPTEMBER  22,  2008  •  www.networkworld.com 


NEWS  ANALYSIS 


WiMAX  lab  to  tap  student  creativity 

Maryland  project  will  develop  applications  for  student,  public  safety  use 


BY  BRAD  REED 

While  Sprint  officially  launches  commercial 
WiMAX  services  for  the  first  time  in  Baltimore 
this  month,  one  college  campus  30  miles  to 
the  south  will  be  building  its  own  mobile 
WiMAX  network  that  will  be  used  to  test  next- 
generation  applications  for  mobile  broad¬ 
band  services. 

The  James  Clark  School  of 
Engineering  at  the  University  of 
Maryland  is  deploying  WiMAX 
nodes,  routers,  base  stations  and 
other  equipment  on  its  campus 
to  create  a  large  testing  ground 
for  next-generation  mobile 
broadband  capabilities.  The  lab, 
which  is  being  built  in  collabora¬ 
tion  with  the  industry  group  the 
WiMAX  Forum,  will  give  students 
the  opportunity  to  test  applica¬ 
tions  on  a  mobile  broadband  ser¬ 
vice  that  is  not  expected  to  be 
available  in  most  of  the  United 
States  until  2009.  As  one  of  only 
two  WiMAX  Forum  labs  in  the 
world  —  the  other  is  in  Taiwan  — 
expectations  are  high  that  it  will 
spark  a  wave  of  innovation  that 
will  showcase  WiMAX’s  strength  as  a  mobile 
data  standard. 

Ashok  Agrawala,  a  University  of  Maryland 
computer  science  professor  who  is  directing 
the  lab,  says  that  most  of  the  equipment  is 
being  provided  by  the  Laboratory  for  Telecom- 


Wall  Street 

continued  from  page  14 

person  than  on  any  other  industry  McGee 
says. “Our  position  has  been  despite  problems 
in  the  economy, we  would  not  have  a  recession 
in  America,  and  that  has  proven  to  be  the  case 
so  far” 

But  are  such  perks  reaching  their  limit? 

Independent  analyst  Richard  Stiennon  says 
just  last  week  he  witnessed  an  investment 
bank  cancel  a  security  project  for  8,000  desk¬ 
tops  for  traders  and  executives  working  from 
home  because  of  an  IT  spending  cutback.  But 
he  said  in  spite  of  this, he  does  expect  to  see  an 
uptick  in  outlays  next  year. 

Forrester  Research  analyst  Ellen  Carney 
notes  that  procurement  departments  at  major 
financial  institutions  have  likely  known  for  two 
years  that  their  companies  could  be  in  trouble 
due  to  the  meltdown  in  the  sub-prime  loan 
market.  Because  of  this,  she  expects  that  many 
of  them  have  budgeted  their  IT  expenses 
accordingly 

If  anything,  Carney  says,  IT  vendors  could  see 


munications  Sciences  (LTS),  a  federal  re¬ 
search  lab  located  on  the  campus.  Much  of 
the  gear  being  deployed  at  the  lab  comes  from 
Motorola,  he  says,  including  WiMAX  base  sta¬ 
tions  and  antennae.  Additionally,  Agrawala 
expects  device  vendors  to  donate  some 
WiMAX-enabled  cell  phones,  PDAs  and  lap¬ 
tops  to  the  lab,  and  that  eventual¬ 
ly  the  lab’s  network  will  support 
“at  least  30  to  50  different 
devices”  during  experiments. 

Agrawala  says  that  once  the  lab 
is  operational  later  this  year, com¬ 
puter  science  students  will  start 
working  on  applications  that  will 
give  everyone  on  campus  instant 
access  to  crucial  information 
such  as  class  schedules,  campus 
maps  and  schedules  of  events  on 
campus.  And  that’s  not  all:  other 
applications  in  the  works  include 
real-time  updates  on  the  campus 
bus  system, as  well  as  updates  on 
the  nearby  Washington,  D.C., 
Metro  system;  dining  hall  menus; 
and  even  a  public  safety  applica¬ 
tion  that  will  send  emergency  sig¬ 
nals  directly  to  police  once  acti¬ 
vated. 

“With  the  public  safety  application,  all  you’ll 
have  to  do  is  touch  one  button  that  will  open 
up  a  window  on  the  police  dispatch, ’’Agrawala 
says.  “It  will  then  open  an  audio  and  video 
screen  so  police  can  record  the  incident  as  it’s 


some  expanded  opportunities.  She  says  the 
federal  government  is  likely  to  create  a  host  of 
new  regulations  in  the  aftermath  of  the  crisis, 
and  firms  specializing  in  complying  with  new 
reporting  requirements  could  get  a  particular 
boost. 

Paul  Polishuk,  president  of  Information 
Gatekeepers  research  group,  says  the  increas¬ 
ing  number  of  mergers  and  acquisitions  will 
boost  the  market  for  IT  firms  that  specialize  in 
integrating  networks. 

“Because  Merrill  Lynch  is  going  to  be  bought 
by  Bank  of  America,  their  assets  are  going  to 
have  to  be  upgraded,”  he  says. 

“And  since  Bank  of  America  and  Merrill 
Lynch  are  two  very  different  businesses, a  good 
deal  of  work  will  have  to  be  done  to  get  them 
integrated.” 

But  Polishuk  and  Carney  see  a  negative 
impact  in  the  short  term  for  IT  workers, 
because  all  mergers  and  bankruptcies 
inevitably  result  in  layoffs.’There  could  be  a  lot 
of  IT  people  in  Manhattan  out  of  work,”  says 
Carney.“Any  way  you  slice  it,  there  are  going  to 
be  redundancies.”* 


happening.” 

WiMAX’s  potential  to  deliver  high-speed 
public  safety  applications  isn’t  limited  to  send¬ 
ing  messages  in  emergency  situations. 
Another  application  that  is  being  considered, 
Agrawala  says,  is  a  map  application  where  stu¬ 
dents  with  disabilities  can  find  all  handicap- 
accessible  entrances  to  buildings  and  where 
they  can  chart  a  course  across  campus  that 
has  the  fewest  slopes  or  the  least  amount  of 
traffic. 

Christian  Almazan,  a  Ph.D.  student  at  the 
University  of  Maryland,  says  deploying  WiMAX 
on  campus  will  make  it  vastly  easier  to  con¬ 
nect  students  to  vital  campus  information 
quickly  and  reliably.  And  because  WiMAX  hot 
spots  can  cover  miles  of  territory,  WiMAX 
devices  won’t  have  the  same  problems  as 
those  that  have  to  constantly  hand  off  be¬ 
tween  hot  spots  to  get  coverage,  he  says. 

“With  WiMAX,  it  will  be  easier  because  you’ll 
only  need  to  have  one  device  for  accessing 
everything  on  campus,”  Almazan  says.  “We’ll 
have  three  nodes  deployed  across  the  cam¬ 
pus,  which  should  cover  the  majority  of  the 
area.  And  if  the  signal  doesn’t  go  inside  some 
areas,  we  can  take  advantage  of  the  Wi-Fi  capa¬ 
bilities  we  already  have  set  up  throughout 
campus.” 

Rollout  plans  forming 

The  new  applications  will  be  running  on  a 
campus-based  mobile  platform  called  Mye- 
Vyu  (pronounced  “my  view”)  that  debuted 
earlier  this  year  and  specializes  in  supporting 
location-based  mobile  software  applications. 
Agrawala  eventually  expects  that  this  platform 
will  be  integrated  into  all  campus  laptops  and 
devices, and  that  WiMAX  will  help  the  platform 
reach  its  potential  to  instantaneously  deliver 
information  to  students  and  faculty 

“Our  major  attraction  to  WiMAX  is  its  stabili¬ 
ty  in  terms  of  broadband  capability^’  he  says. 
“Our  basic  plan  is  to  cover  the  campus  first, 
and  because  WiMAX  has  such  a  longer  reach 
than  Wi-Fi,  it’s  possible  that  the  signal  will  be 
audible  in  the  downtown  areas  near  the  cam¬ 
pus.  There’s  even  a  possibility  that  certain  fed¬ 
eral  agencies  might  connect  to  us  as  well  on  a 
point-by-point  basis.” 

Almazan  says  he  is  excited  that  he  and  fel¬ 
low  students  will  be  working  as  pioneers  in 
the  WiMAX  frontier,  and  he  is  enthused  by 
WiMAX’s  potential  to  close  the  “digital  divide” 
between  urban  and  rural  areas  in  the  United 
States. 

“The  best  part  of  this  project  is  simply  playing 
with  a  brand-new  wireless  technology  that  will 
potentially  penetrate  the  entire  United  States,” 
he  says.  “It  will  enable  rural  communities  to 
have  Web  access  with  tremendous  ease.”* 


Ashok  Agrawala, 
University  of 
Maryland  comput¬ 
er  science  profes¬ 
sor  and  director  of 
the  WiMAX  lab 
there. 
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Leslie  Daigle,  chief  Internet  technology  officer 
for  the  Internet  Society. “DNSSEC  means  more 
confidence  in  government  online  services.” 

The  White  House  DNSSEC  mandate 
comes  just  weeks  after  the  July  disclosure  of 
one  of  the  most  serious  DNS  bugs  ever 
found.  The  Kaminsky  bug  —  named  after 
security  researcher  Dan  Kaminsky,  who  dis¬ 
covered  it  —  allows  for  cache  poisoning 
attacks,  where  a  hacker  redirects  traffic  from 
a  legitimate  Web  site  to  a  fake  one  without 
the  user  knowing. 

White  House  officials  say  their  DNSSEC  man¬ 
date  has  been  in  the  works  since  February 
2003,  when  the  Bush  administration  released 
its  National  Strategy  to  Secure  Cyberspace. 
The  cybersecurity  strategy  which  was  prompt¬ 
ed  by  the  Sept.  1 1,2001,  terrorist  attacks,  includ¬ 
ed  the  goal  of  securing  the  DNS. 

Under  a  separate,  but  related,  cybersecurity 
program  called  the  Trusted  Internet  Con¬ 
nection  initiative,  the  U.S.  government  is  reduc¬ 
ing  the  number  of  external  Internet  connec¬ 
tions  it  operates  from  more  than  8,000  to  less 
than  100. 

The  DNSSEC  mandate  “was  issued  as  a  con¬ 
sequence  of  agencies  having  completed  the 
initial  consolidation  of  external  network  con¬ 
nectivity”  through  the  Trusted  Internet  Con¬ 
nection  initiative, said  Karen  Evans,  administra¬ 
tor  for  the  Office  of  E-Government  and  Infor¬ 
mation  Technology  at  the  Office  of  Manage¬ 
ment  and  Budget  (OMB),  in  a  statement.  “The 
Kaminsky  DNS  bug  was  not  a  factor.” 

DNS  hardware  and  software  vendors  that  are 
scrambling  to  add  DNSSEC  capabilities  to  their 
products  predict  the  one-two  punch  of  the 
Kaminsky  bug  followed  by  the  White  House 
mandate  will  drive  DNSSEC  deployment 
across  the  Internet. 

The  OMB  mandate  is  “significant,  but  it’s  the 
tip  of  the  iceberg,”  says  Rodney  Joffe,  senior 
vice  president  and  senior  technologist  for  Neu- 
Star,  which  sells  the  UltraDNS  managed  ser¬ 
vices  suite  and  operates  several  top-level 
domains,  including  .us  and  .biz.  “All  the  other 
TLDs  are  now  scrambling  to  work  on  DNSSEC. 
It’s  a  sea  change.There  is  no  question  that  2009 
will  be  the  year  of  DNSSEC.” 

White  House  mandates  DNSSEC 

The  OMB  issued  a  mandate  in  August  that  re¬ 
quires  all  federal  agencies  to  support  DNSSEC. 
The  memo  states  that  .gov  must  be  crypto¬ 
graphically  signed  at  the  top  level  by  January 
2009,  and  that  all  subdomains  under  .gov, such 
as  www.irs.gov,  must  be  signed  by  December 
2009. 

While  the  memo  focuses  on  the  .gov 
domain,  the  U.S.  Defense  Information  Systems 
Agency  says  it  intends  to  meet  the  OMB’s 
DNSSEC  requirements  on  the  .mil  domain,  too. 

The  OMB  is  working  with  agencies  to  finalize 
their  plans  for  deploying  DNSSEC  on  their 
domains  and  subdomains, and  these  plans  are 


Embracing  DNSSEC 


Here’s  a  list  of  leading  DNS  product  vendors  and  the  status  of  their  DNSSEC 
support: 

Vendor  I  DNSSEC  support 

- i  - - ------  n  r  r  ,  . 


ISC 

Provides  the  leading  open  source  DNS  software,  Berkeley  Internet  Name 
Domain  (BIND)  Version  9,  which  supports  DNSSEC. 

Infoblox 

DNS  appliance  vendor  has  not  yet  announced  DNSSEC  support,  but 
company  officials  say  they  are  working  on  it. 

Microsoft 

Announced  that  DNSSEC  will  be  supported  in  a  Longhorn  Server  service 
pack  due  out  in  2008. 

NLnet  Labs 

Released  an  open  source  package  called  Unbound  in  May  that  supports 
DNSSEC.  Unbound  was  developed  by  a  team  that  includes  VeriSign, 
Nominet  and  Kirei. 

Nominum 

Supports  DNSSEC  in  its  DNS  software.  Secure64  began  shipping  an 
automated  DNSSEC  signing  solution  on  Sept.  5.  Called  Secure64  DNS 
Signer,  the  system  works  with  any  DNS  authoritative  server. 

UltraDNS 

Will  offer  DNSSEC-compliant  tools  and  services  by  year-end,  officials 
say. 

expected  to  be  finalized  by  mid-October. 

To  meet  the  mandate,  federal  agencies  must 
upgrade  their  DNS  servers  to  support  the  new 
protocol,  buy  network  management  tools  to 
support  DNSSEC,  and  provide  training  to  their 
network  management  staff. 

“The  real  impact  is  that  you  are  changing  the 
way  the  DNS  is  managed  within  the  .gov  do¬ 
main,”  says  Scott  Rose,  a  computer  scientist 
with  the  National  Institute  for  Standards  and 
Technology  (NIST)  Information  Technology 
Laboratory“The  largest  cost  in  DNSSEC  deploy¬ 
ment  is  setting  up  procedures  and  software  for 
key  management.” 

Agencies  will  pay  for  DNSSEC  out  of  their 
existing  IT  infrastructure  budgets,  Evans  said. 

“We  think  it’s  doable,”  Rose  says  of  the  .gov 
DNSSEC  deadline.  “We  think  it  sends  a  strong 
signal  that  the  U.S.  government  is  committed  to 
DNSSEC  and  to  improving  Internet  security 
within  the  .gov  domain.” 

Experts  say  the  OMB  mandate  may  encour¬ 
age  ISPs  to  support  DNSSEC,  too,  as  their  cus¬ 
tomers  are  heavy  users  of  .gov  Web  sites. 

The  federal  government  will  be  among  the 
first  organizations  in  the  world  to  deploy  secu¬ 
rity  enhancements  to  the  top-level  domain  it 
operates,  which  is  .gov. 

Countries  that  have  already  deployed 
DNSSEC  in  their  top-level  domains  include 
Sweden,  Puerto  Rico,  Bulgaria  and  Brazil. 

“We’ve  seen  a  fair  amount  of  interest  in 
DNSSEC  outside  the  U.S. . ..but  we  haven’t  had 
a  whole  lot  of  momentum  inside  the  U.S.,”says 
Cricket  Liu,  vice  president  of  architecture  at 
InfoBlox.“My  hope  is  that  this  is  the  beginning 
of  getting  the  ball  rolling  in  the  U.S.” 

What  about  the  root  and  .com? 

While  significant,  the  OMB  mandate  is  miss¬ 
ing  a  few  key  components  that  are  necessary 
to  drive  DNSSEC  deployment  across  the 


Internet. 

First,  the  OMB  memo  says  nothing  about 
when  the  Internet’s  root  servers  will  support 
DNSSEC.  Second,  the  OMB  memo  doesn’t 
address  whether  the  U.S.  government  will  re¬ 
quire  VeriSign,  which  operates  the  popular 
.com  and  .net  top-level  domains,  to  support 
DNSSEC. 

The  National  Telecommunications  and  Infor¬ 
mation  Administration  (NTIA),the  arm  of  the 
U.S.  government  that  oversees  the  Internet’s 
DNS  infrastructure,  has  not  set  a  deadline  for 
DNSSEC  deployment  for  the  root  servers,  .com 
or  .net. 

The  NTIA  states  that  it  will  not  take  any  action 
that  would  affect  the  operational  stability  or 
efficiency  of  the  DNS. 

“A  DNSSEC  signed  root  zone  would  represent 
one  of  the  most  significant  changes  to  the  DNS 
infrastructure  since  it  was  created;  therefore 
any  changes  cannot  be  taken  lightly  consider¬ 
ing  that  the  Internet  DNS  is  a  global  infrastruc¬ 
ture  on  which  the  global  economy  relies,”  the 
statement  said. 

VeriSign  has  been  running  DNSSEC  pilot  pro¬ 
jects  for  several  years,  and  it  offers  free  DNSSEC 
tools  on  its  Web  site  for  developers  at  www. 
nwdocfinder.com/6740. 

VeriSign  operates  two  of  the  Internet’s  13  root 
servers.  In  March  2008,  VeriSign  created  a 
DNSSEC  test  bed  for  all  the  root  zone  operators 
to  use  (see  www.nwdocfinder.com/6741). 

“The  test  bed  is  going  well,”  says  Ken  Silva, 
CTO  for  VeriSign.  “We’ve  gathered  a  lot  of  data 
. .  .This  is  all  part  of  the  process  to  be  ready  if 
and  when  the  full  Internet  is  ready  to  deploy 
DNSSEC.” 

VeriSign  hasn’t  committed  to  supporting 
DNSSEC  in  .com  and  .net.  As  of  June  2008, 
.com  and  .net  supported  87.3  million  domain 
names,  a  figure  that  is  up  20%  from  the  previ¬ 
ous  year,  according  to  VeriSign. 
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**What  I  think  you  should  take  away  from  this  as  IT  managers 
is  that  DNSSEC  is  coming.  DNSSEC  is  real  and  it’s  out  of  the 
experimental  stage.55 

Leslie  Daigle 

Chief  Internet  technology  officer,  Internet  Society 


Silva  says  .com  and  .net  will  not  be  upgrad¬ 
ed  with  DNSSEC  until  after  the  root. 

“For  full  DNSSEC  deployment  Internet-wide, 
you  could  be  talking  decades,”  says  Silva,  who 
predicts  it  will  be  another  three  years  until  the 
root  servers  support  DNSSEC. 

Experts  say  full-scale  deployment  of  DNSSEC 
won’t  happen  until  the  root,  .com  and  .net  are 
authenticated  with  digital  signatures. 

“Having  the  root  signed  is  fairly  important,” 
says  Olaf  Kolkman,  director  of  NLnet  Labs,  a 
nonprofit  research  and  development  founda¬ 
tion  in  the  Netherlands.“Obviously,  .com  is  the 
300-pound  gorilla  in  the  room.  If  .com  were 
signed,  that  would  pull  a  lot  of  people  into 
DNSSEC,  but  having  the  root  signed  gives  a 
more  global  signal.” 

Chicken-and-egg  dilemma 

Internet  engineers  developed  DNSSEC  in 
1997,  but  the  technology  hasn’t  been  widely 
deployed  because  it  suffers  from  the  classic 
chicken-and-egg  dilemma. 

DNSSEC  doesn’t  protect  against  spoofing 
attacks  unless  it’s  widely  deployed  across  the 
Internet’s  DNS  infrastructure.  Web  site  opera¬ 
tors  don’t  benefit  much  from  DNSSEC  unless 
it’s  deployed  at  the  top-level  domain. The  top- 
level  domains  haven’t  supported  DNSSEC 
because  there  hasn’t  been  demand  from  Web 
site  operators. 

With  the  OMB  mandate,  it  appears  the  egg  is 


cracking.  Other  top-level  domains  interested  in 
rolling  out  DNSSEC  include  the  Pubic  Interest 
Registry’s  .org.  and  Poland’s  country  code,  .pi 

One  reason  DNSSEC  has  been  slow  to 
catch  on  is  that  it  is  difficult  to  deploy. 
Network  managers  will  need  tools  that  help 
them  generate  and  store  cryptographic  keys 
in  a  secure  manner,  plus  they  will  have  to 
update  those  keys  on  a  regular  basis  in 
order  to  support  DNSSEC. 

“It  has  been  a  complicated  and  time-con¬ 
suming  exercise  for  people  to  deploy  DNS¬ 
SEC’’ says  Mark  Beckett,  vice  president  of  mar¬ 
keting  for  Secure64,  a  DNS  vendor  that  began 
shipping  an  automated  system  for  deploying 
DNSSEC  this  month. 

That’s  one  reason  Secure64  received  a  $1 
million  grant  from  the  Department  of 
Homeland  Security  earlier  this  year  to  develop 
an  automated  DNSSEC  signing  solution  that 
became  the  just-released  Secure64  DNS  Signer 
product. 

“DHS  wanted  to  prime  the  pump  to  get  com¬ 
mercial  products  out  there  to  remove  that 


complexity  and  to  make  it  a  possibility  to  de¬ 
ploy  DNSSEC  in  a  matter  of  days  or  weeks, 
rather  than  the  months  and  months  it  might 
take  them  today’  Beckett  adds. 

DNSSEC  experts  are  encouraging  corporate 
network  managers  to  view  the  federal  man¬ 
date  as  a  sign  that  DNSSEC  is  real. 

“What  I  think  you  should  take  away  from  this 
as  corporate  IT  managers  is  that  DNSSEC  is 
coming.  DNSSEC  is  real,  and  it’s  out  of  the  ex¬ 
perimental  stage,”  Daigle  says.  “It’s  OK  to  buy 
products  and  equipment  to  support  it." 

Network  managers  also  should  take  a  good 
look  at  DNSSEC  because  of  the  Kaminsky  bug, 
experts  say  This  is  especially  true  of  industries 
such  as  banking  and  e-commerce  that  battle 
phishing  attacks. 

The  Kaminsky  bug  “is  a  verifiable  and  credi¬ 
ble  business  case  for  actually  deploying 
DNSSEC,  not  just  in  the  government  but  in  pri¬ 
vate  industry  Joffe  says.“The  only  solution  we 
know  of  that  is  100%  correct  in  solving  the 
problem  of  DNS  cache  poisoning  is 
DNSSEC.”B 


A  gentle  reminder: 

A  few  pages  ago  we  talked  about  getting  in  the  right  gear.  Don’t  let 
your  competition  pull  further  ahead.  Work  smarter,  not  harder. 
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IP  PBX 

continued  from  page  1 

Avaya  says  it  performs  compatibility  testing 
with  other  vendors’  gear  such  as  phones  and 
with  service  provider  trunks. 

This  also  serves  Avaya ’s  game  plan  of  help¬ 
ing  customers  link  business  applications  to¬ 
gether  with  business  processes, says  Lawrence 
Byrd,  director  of  IP  telephony  and  mobility  at 
Avaya. 

It  is  conceivable  using  UC  for  a  help  desk 
application  to  spot  a  critical  problem  and 
automatically  launch  a  voice  call,  IM  or 
e-mail  to  notify  someone  who  can  deal  with 
it,  Byrd  says. 

“If  [the  applications]  are  all  SIP-enabled  it  is 
much  easier  to  orchestrate  them  to  work 
together,”  he  says. 

Microsoft  and  IBM  loom  large 

The  largest  vendors  —  Cisco,  Avaya,  Nortel 
and  Shoretel  in  the  United  States,  are  mak¬ 
ing  interoperability  efforts  with  the  two  big 
vendors  of  unified  communications  platforms, 
Microsoft  (Office  Communication  Server)  and 
IBM  (Sametime),  says  Matthias  Machowinsky, 
an  analyst  with  Infonetics. 

Microsoft  and  IBM’s  platforms  are  so  com¬ 
pelling  that  they  may  be  freezing  IP  PBX 
decisions  as  potential  customers  digest  how 
UC  platforms  might  help  their  businesses 
and  how  all  the  pieces  would  fit  together, 
says  Jay  Lassman,  an  analyst  with  Gartner.  “I 
think  we’ve  actually  seen  a  slowdown  of  the 
adoption  of  IP  telephony  as  organizations 
try  to  guess  what’s  going  to  happen  with 
these  new  offers  from  Microsoft  and  IBM,”  he 
says. 

Both  Microsoft  and  IBM  recognize  the 
need  to  cooperate  with  the  IP  PBX  vendors 
on  interoperability  to  help  businesses  make 
the  leap  to  UC,  he  says. 

IBM,  for  instance,  has  a  close  relationship 
with  Nortel,  which  bundles  its  IP  PBX  with 
Sametime  hardware  and  installs  it  as  a  pack¬ 
age  to  make  the  transition  simpler.  Nortel 
has  a  close  relationship  with  Microsoft  try¬ 
ing  to  achieve  similar  goals.  Similar  alliances 
abound  among  the  IP  PBX  vendors  and  the 
collaboration  and  messaging  vendors. 


ONLINE:  VoIP,  video  and  UC 

Exactly  what  is  unified  communica¬ 
tions?  What  does  it  encompass?  Why 
do  you  need  it?  How  will  unified  com¬ 
munications  affect  your  bottom  line? 
We’ll  answer  these  questions  and  pro¬ 
vide  enterprise  IT  managers  with  prac¬ 
tical  solutions  to  understand  the  UC 
market  at  IT  Roadmap:  San  Francisco 
on  Nov.  17.  Qualify  to  attend  free: 

www.nwdocflnder.com/6421 


Steps  toward  unified  communications 

Unified  communications  can  be  phased  in  overtime,  starting  with  IP 

•  Combine  voice  and  data  communications  groups  within  the  corporation  to  streamline 
and  amass  required  expertise. 

•  Shift  control  of  communications  applications  to  a  server  group  and  leave  responsibil¬ 
ity  for  communications  hardware  with  the  combined  voice/data  group. 

•  As  UC  evolves  so  communications  applications  are  pure  software,  shift  responsibil¬ 
ity  for  them  to  an  applications  group. 

•  Create  a  UC  center  of  excellence  within  the  corporation  to  bring  together  knowledge 
and  expertise  and  to  advise  on  IT  and  communications  changes. 

•  Make  sure  the  business  weighs  not  just  technical  but  political,  regulatory  and  bud¬ 
getary  issues  as  well  as  regional,  centralized  and  distributed  deployment  options. 


Microsoft  has  a  different  spin,  developing 
its  own  PBX  functionality  with  OCS,with  the 
long-term  goal  of  supplanting  PBXs.  That 
may  be  a  way  off  still,  according  to  Gartner. 

The  OCS  telephony  platform  lacks  stan¬ 
dard  PBX  features  such  as  attendant  opera¬ 
tor,  emergency  services  support  and  failover, 
according  to  the  recent  Gartner  Magic  Qua¬ 
drant  report  on  corporate  telephony, “taking 
it  out  of  the  running  as  an  all-out  replace¬ 
ment  for  a  PBX  or  an  IP  PBX  until  at  least 
2010.”  Gartner  ranked  Microsoft  high  in  its 
vision  but  low  in  its  ability  to  execute  in  IP 
telephony. 

Similarly,  Cisco  is  piecing  together  its  own 
UC  platform  and  a  collaboration  service  that 
could  combine  with  its  VoIP  gear  to  deliver 
UC  support. 

Seeking  IP  PBX  vendors  that  support  widely 
held  interoperability  standards  is  important 
because  no  single  vendor  has  mastered  all  the 
broad  elements  that  UC  comprises.  In  addi¬ 
tion,  it  leaves  open  the  option  to  use  multiple 
vendors  whose  products  a  business  might 
already  own  or  that  the  customer  regards  as 
preferable. “That  is  an  essential  element  if  you 
are  a  business  that  wants  to  integrate  telepho¬ 
ny  into  line-of-business  applications  or  feder¬ 
ated  dial  plans  with  partners  and  expand  the 
connectivity  of  voice  systems  to  outside  enti¬ 
ties,”  Lassman  says. 

Ease  of  integration  also  can  play  in  the 
cost  of  UC,  Lassman  says.  “We  have  clients 
tell  us  that  they  are  about  to  buy  their  last 
release  of  an  IP  PBX  because  they  are  look¬ 
ing  ahead  at  unified  communications  and 
how  they  can  wrap  that  in  to  what  they’re 
doing. 

It  has  to  do  with  the  ability  to  be  UC-ready, 
for  lack  of  a  better  term,”  he  says. 

ROI  is  lacking 

Most  businesses  have  given  up  trying  to  jus¬ 
tify  VoIP  based  on  return  on  investment, 
according  to  a  study  by  Nemertes  Research. 
Capital  outlay  for  IP  PBXs  is  about  the  same  or 
more  than  for  traditional  PBXs,  operational 


start-up  costs  are  higher  and  it  takes  about 
three  times  longer  to  isolate  and  repair  out¬ 
ages,  says  Robin  Gareiss,  Nemertes  executive 
vice  president,  in  a  report  on  the  business 
case  for  VoIP 

“To  be  sure  there  can  be  a  net  savings  after 
the  first  two  years,  but  organizations  are  focus¬ 
ing  on  other  benefits,  such  as  streamlined  fea¬ 
tures,  improved  productivity  and  integrated 
voice/data/video  collaborative  applications,” 
Gareiss  says. 

When  blending  IP  PBXs  into  collaboration, 
messaging  and  presence,  the  cost  of  UC 
licensing  will  determine  the  customer’s  start¬ 
ing  point,  Lassman  says. 

A  Microsoft  shop,  for  instance,  will  look  at  its 
current  licensing  and  determine  whether 
adding  UC  is  incremental  or  a  significant  cost 
jump. “If  you’re  starting  from  scratch  and  you 
have  Exchange  2003,  it’s  going  to  be  hard  to 
justify  UC  because  of  the  increase  in  the  cost 
of  the  license,”  he  says.  On  the  other  hand,  if 
they  already  have  Exchange  2007  a  move  to 
UC  would  cost  less. 

The  open  standards  will  allow  customers  to 
shop  around. “If  they’re  starting  from  scratch, 
they  could  look  at  some  other  vendors,” 
Lassman  says. 

Another  way  to  save  is  by  limiting  UC  de¬ 
ployment  at  the  outset,  Lassman  says.“I  think 
some  clients  think  they’ve  got  to  do  it  to  every¬ 
body  everywhere,  but  the  reality  of  it  is  there’s 
no  need  to,”  he  says. 

Regardless  of  how  fast  UC  grows,  an  IP  PBX 
is  a  wise  investment  for  now,  he  says.“Anybody 
who  invests  in  one  today  will  get  a  lot  of 
mileage  out  of  that  for  awhile.  It  will  be  part  of 
any  UC  migration  regardless  of  the  UC  plat¬ 
form,”  Lassman  says.  ■ 

VoIP 

&  CONVERGENCE 

Subscribe  to  our  free  newsletter: 

www.nwdocfinder.com/1003 
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Revolutionize  your  communications  without  a  PBX  renovation 


Now  you  can  transition  to  VoIP  with  innovative  software 
from  Microsoft.  Software  that  integrates  with  Windows 
Server  Active  Directory  services,  Microsoft  Office,  Microsoft 
Exchange  Server,  and  your  PBX.  Keep  your  PBX  in  place  and  still 
get  new  voice  capabilities  like  drag-and-drop  conferencing, 
anywhere  access,  and  click-to-call  functionality  from  familiar 


desktop  applications.  A  software-powered  VoIP  solution, 
based  on  Microsoft  Office  Communications  Server  2007, 
helps  you  increase  the  productivity  and  flexibility  of  your 
workforce — especially  your  mobile  users.  Change  the  way 
you  communicate  without  changing  your  PBX.  Learn  more 
at  microsoft.com/voip 


Your  potential.  Our  passion. 

Microsoft 
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VMware  touts  ‘the 
cloud'  at  VMworld 

BY  JON  BRODKIN 

LAS  VEGAS  —  At  CEO  Paul  Maritz’s  first  VMworld  conference,  the 
company  impressed  attendees  and  industry  experts  by  previewing  a 
broad  set  of  technologies  designed  to  help  enterprises  become  cloud 
computing  providers  to  their  own  employees. 

VMware  CTO  Stephen  Herrod  admitted  that  the  cloud  “might  be  the 
most  abused  phrase  since  virtualization”  but  the  goal  of  providing  high¬ 
ly  scalable  and  elastic  computing  resources  that  can  expand  and  shrink 
as  needed  and  be  accessed  from  anywhere  is  real. 

A  lot  of  VMware  customers  want  to  be  just  like  Google,  according  to 
Maritz.  “They  think  Google  has  this  giant  computer  they  can  flexibly 
deploy  applications  on  top  of,  and  that’s  what  they  aspire  to  achieve,” 
Maritz  said.The  idea  is  to  operate  an  “internal  cloud,”  and  act  as  a  “host¬ 
ing  provider  to  internal  customers”  he  said. 

This  will  require  more  flexible  and  efficient  methods  of  delivering 
computing  resources,  where  virtual  machines  can  be  moved  around  at 
will,  independent  of  the  hardware  they  run  on, VMware  said. 

“What’s  interesting  is  that  while  many  of  the  clouds  you  hear  about  are 
associated  with  high-performance  computing  or  Web  2.0,  what  I  heard 
here  showed  that  they’re  thinking  more  about  an  enterprise  cloud,  a 
cloud  that  will  support  enterprise  applications  with  some  guarantees 
about  service-level  agreements,”  said  IDC  analyst  Jean  Bozman. 

The  largest  companies  might  operate  their  own  internal  clouds,  while 
others  will  contract  with  service  providers  that  offer  computing  re- 
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sources  over  the  Web  with  the  help  of  VMware  technology 
“It’s  going  to  be  a  departure  from  a  lot  of  the  cloud  stuff  we’ve  seen 
already  Bozman  said. “It’s  going  to  have  more  of  the  characteristics  of 
software-as-a-service,  where  you  expect  to  get  something  like  a  pack¬ 
aged  software  functionality  It’s  not  just  for  developers  who  are  writing 
Web  applications,  it’s  not  for  high-performance  computing  where  you’re 
doing  a  lot  of  custom  stuff. The  intention  is  to  provide  for  you  what  you 
would  have  gotten  from  . . .  your  own  data  center’’ 

None  of  VMware’s  technology  announced  at  VMworld  will  be  avail¬ 
able  until  sometime  next  year.  Key  announcements  include  the  Virtual 
Datacenter  Operating  System  (VDC-OS),  which  aggregates  virtualized 
servers,  storage  and  network  resources  into  one  big  computing  pool 
that  serves  up  computing  resources  to  applications,  providing  a  better 
level  of  availability  and  scalability,  the  company  says. 

For  example,  the  VDC-OS  will  be  able  to  manage  as  many  as  4,096 
processor  cores  in  a  single  pool  of  resources,  Herrod  said. 
Secondly, VMware  announced  vCloud,an  initiative  that  partners  VMware 
with  more  than  100  service  providers  —  such  as  Sawis, Verizon,  AT&T, 
Rackspace  and  British  Telecom  —  that  are  using  VMware’s  technology 
to  offer  Internet-based  computing  clouds.VCloud  “will  connect  internal 
data  centers  and  external  service  provider  offerings  together  seamless¬ 
ly  enabling  enterprises  to  adopt  cloud-based  services, ’’VMware  says. 

The  Virtual  Datacenter  Operating  System  concept  is  “intriguing’’IT  ana¬ 
lyst  Laura  DiDio  says.  But  to  be  successful, VMware  must  go  out  of  its  way 
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to  train  customers,  who  often  are  dealing  with  tight  budgets  and  using 
products  18  to  24  months  older  than  the  most  cutting-edge  technology 

Virtualizing  a  few  servers  and  deploying  basic  disaster-recovery  tools 
is  relatively  simple  compared  with  the  kind  of  overall  data  center  man¬ 
agement  schemes  VMware  is  now  talking  about. 

“They  have  to  match  theory  with  actual  usage,”  Didio  says.“You  know, 
it’s  got  to  be  vetted. ...  A  lot  of  customers  are  leaving  the  comfort  zone. 
These  things  are  increasing  in  size,  scope  and  complexity  A  lot  of  these 
organizations  do  not  have  the  time  nor  the  funds  to  send  their  IT  people 
out  for  training.” 

Even  customers  who  are  virtualizing  large  portions  of  their  data  cen¬ 
ters  may  not  want  to  deploy  the  VDC-OS  immediately 

“We’ll  test  it  out,  we’ll  work  with  it  in  our  labs  and  we’ll  see  how  it 
works.  We’re  not  rushing  into  that,”  says  Aaron  Andrews,  director  of  dis¬ 
tributed  systems  at  First  American  Corporation  in  California.  Andrews 
says  his  company  takes  an  approach  that  assumes  pretty  much  any 
workload  can  be  deployed  on  a  virtual  server,  but  there’s  still  work  to  be 
done  in  educating  business  users. 

“We  have  business  units  that  have  adopted  it,  and  we  have  business 
units  that  don’t  know  what  virtualization  is,”  he  says. 

Kris  Jmaeff,  a  senior  data  center  analyst  at  the  Interior  Health  Authority 
in  British  Columbia,  says  forthcoming  VMware  technology  like  the  VDC- 
OS,  and  increasing  willingness  by  software  application  vendors  to  sup¬ 
port  workloads  running  on  virtual  machines,  will  help  the  organization 
move  closer  to  a  fully  virtualized  environment.  Currently  about  half  the 
authority’s  physical  servers  are  virtualized.  “By  the  next  generation  [of 
VMware’s  technology  releases]  we’ll  be  able  to  virtualize  almost  every¬ 
thing,”  he  says. 

In  addition  to  VDC-OS  and  vCloud, VMware  discussed  a  few  more  tech¬ 
nologies  designed  to  increase  data  center  flexibility  Herrod  said 
VMware  will  introduce  live  migration  for  storage,  allowing  virtual 
machines  to  be  moved  from  one  piece  of  storage  to  another  without 
any  downtime. 

Herrod  also  promised  improvements  to  VMware’s  High  Availability 
software,  which  responds  to  hardware  failures  by  automatically  sending 
virtual  machines  from  one  box  to  another  when  the  original  host 
machine  goes  down. 

“We  want  applications  to  be  better  than  physical,”  Herrod  said. “If  that 
physical  piece  of  hardware  dies  we  seamlessly  move  over  to  a  second 
physical  machine.” 

Beyond  the  specific  technology  announcements,  the  sheer  scope  of 
VMworld  demonstrated  how  important  virtualization  is  to  the  IT  indus¬ 
try  today,  noted  Yankee  Group  analyst  Phil  Hochmuth. 

Seemingly  every  IT  company  had  a  product  announcement  to  make 
at  VMworld,  and  big  players  such  as  HPIBM,  Cisco,  Dell  and  Intel  deliv¬ 
ered  keynote  addresses. 

“To  me,  this  is  like  the  new  Interop,”  Hochmuth  said.“Everyone  wants  to 
get  into  virtualization,  they  want  their  brand  or  their  company  to  be 
associated  with  virtualization  the  way  every  technology  company  want¬ 
ed  their  brand  to  be  associated  with  the  Internet  seven  years  ago.” 

About  14,000  people  attended  VMworld,  including  representatives 
from  Microsoft,  who  tried  to  rain  on  VMware’s  parade  by  distributing 
fake  casino  chips  directing  attendees  to  a  Web  site  titled  “VMware  costs 
way  too  much.” 

The  Microsoft-hosted  site  says  “Looking  for  your  best  bet?  You  won’t 
find  it  with  VMware,” and  provides  several  links  to  virtualization  pages  on 
Microsoft.com.  ■ 
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All  eyes  on  HP-EDS  services  plans 

Analysts  wonder  if  HP  will  push  HP  wares  on  EDS  clients 


BY  DENISE  DUBIE 

HP’s  announcement  last  week  that  it  would 
cut  thousands  of  jobs  as  it  digests  EDS’  IT  ser¬ 
vices  business  didn’t  come  as  a  total  surprise 
to  industry  watchers,  but  the  company’s  inte¬ 
gration  plan  did  raise  eyebrows. 

“It’s  going  to  be  a  huge  challenge  to  bring 
together  two  very  dissimilar  businesses,”  says 
Ben  Pring,  research  vice  president  at  Gartner. 
“HP  wants  to  standardize  and  make  processes 
repeatable.  It  has  the  cloud,  multitenant,  multi¬ 
client  mindset.  EDS  in  its  history  approached 
each  client  with  a  very  singular  unique 
method.  EDS  will  have  to  relearn  how  it  does 
IT  services,  and  the  industry  will  be  watching 
if  HP  can  change  the  mindset  at  EDS.” 

HP  met  with  financial  analysts  last  week  to 
discuss  the  company’s  plans  for  integrating 
with  the  EDS  business,  and  the  immediate 
news  centered  on  some  24,600  staff  cuts  to  be 
made  over  the  next  three  years.  HP  reported 
the  7.5%  reduction  in  combined  staff  will  elim¬ 
inate  redundancy  in  corporate  support  and 
other  functions,  and  save  the  company  $1.8 
billion  annually  when  complete.  And  HP  told 
analysts  it  will  reinvest  those  savings  into  its 
workforce  with  a  plan  to  hire  back  up  to  50% 
of  those  eliminated  positions  over  three  years 
as  well. 

HP  will  transfer  its  outsourcing  unit  to  EDS, 
and  parts  of  HP’s  consulting  unit  will  fall 
under  the  EDS  business  unit  or  HP  Software, 
which  is  set  to  be  renamed  to  HP  Software  and 


k  big  year  for  IT  job  cuts 

HP  is  far  from  the  only  vendor  to 
have  announced  big  layoffs  this 
year.  Among  the  others: 

•  In  January,  mobile-phone  maker  Nokia 
said  it  was  laying  off  2,300  workers  at  a 
plant  in  Bochum,  Germany,  and  Sprint 
Nextel  said  it  would  cut  4,000  workers 
from  its  payroll. 

•  In  February,  Yahoo  said  it  would  cut 
about  1,000  jobs;  Siemens  said  it  would 
axe  3,800  jobs  at  its  Siemens  Enterprise 
Communications  subsidiary;  and  Nortel 
said  it  would  get  rid  of  2,100  jobs. 

•  In  May,  Dell  said  it  was  slashing  8,900 
jobs  and  AMD  said  it  was  reducing  its 
global  workforce  by  10%,  or  16,800  jobs. 

OfiMH 

Solutions  in  November.  That  means  HP’s  ser¬ 
vices  will  essentially  be  run  out  of  EDS,  says 
Paul  Roehrig,  a  principal  analyst  with  Forrester 
Research, and  that  will  mean  HP  staff  will  have 
to  ramp  up  to  EDS’ level  in  terms  of  IT  services. 
EDS  was  ranked  as  the  No.  2  vendor  in  IT  ser¬ 
vices  (behind  IBM)  and  reported  $22.7  billion 


in  revenue  for  fiscal  2007.  HP  reported  its  fiscal 
2007  services  revenue  at  $16.6  billion, and  IBM 
brings  in  about  $54  billion  with  its  services 
business. 

“HP  will  have  to  be  able  to  move  fairly 
quickly  to  take  advantage  of  EDS’  strong 
brand.  HP  has  to  be  able  to  prove  it  can 
deliver  across  multiple  lines  of  services  and 
be  able  to  do  that  efficiently”  Roehrig  says. 
“[HP  CEO  Mark  Hurd]  has  shown  a  willing¬ 
ness  to  execute  more  and  streamline  inte¬ 
gration  efforts.” 

Cultural  issues  aside,  other  factors  could  hin¬ 
der  HP’s  success,  as  clients  accustomed  to 
EDS’  business  model  might  balk  at  HP’s 
attempt  to  incorporate  its  software  into  its  ser¬ 
vices  offerings.  IBM  strategically  separates  its 
Global  Technology  Services  business  from  its 
product  offerings, promising  to  remain  vendor- 
agnostic  and  apply  technology  best  suited  to 
the  customer  environment.Yet  industry  watch¬ 
ers  worry  HP  has  plans  to  bring  its  software 
and  services  business  closer  together,  effec¬ 
tively  pitching  HP  wares  with  outsourcing 
offerings. 

“IBM  made  that  strategic  decision  a  long 
time  ago  and  it  has  paid  dividends,”  Gartner’s 
Pring  says.  “The  EDS  model  is  technology- 
agnostic,  and  HP  should  understand  veering 
away  from  that  is  a  dangerous  strategy  If  HP 
pushes  its  own  products  too  aggressively  in 
outsourcing  accounts,  they  will  shoot  them¬ 
selves  in  the  foot.”  ■ 


Telcos,  ISPs  prep  for  pandemics 


Network  management, 
bandwidth  priority  will 
become  critical  tools 

BY  BRAD  REED 

Network  operators  and  IT  professionals  wor¬ 
ried  about  how  hurricanes  and  financial  melt¬ 
downs  will  impact  their  work  lives  can  add 
another  potential  catastrophe  to  their  list  of 
concerns:  a  global  pandemic. 

During  a  panel  sponsored  by  the  FCC  in 
Washington,  D.C.,  last  week,  representatives 
from  telecom  carriers  and  ISPs  discussed  the 
steps  they’ve  been  taking  to  prepare  for  the 
mass  outbreak  of  a  disease  such  as  influenza, 
and  also  described  the  needs  and  challenges 
they  would  have  to  meet  to  keep  communica¬ 
tions  up  and  running  during  a  major  global  cri¬ 
sis.  The  most  important  tool  at  ISPs’  disposal 
during  a  serious  pandemic  is  network  man¬ 


agement,  panelists  agreed. 

Christopher  Guttman-McCabe,  the  vice  presi¬ 
dent  for  regulatory  affairs  for  the  CTIA  wireless 
association,  predicted  that  during  a  severe  pan¬ 
demic,  many  workers  would  either  work  exclu¬ 
sively  from  home  or  from  more  remote  loca¬ 
tions  that  would  limit  their  potential  exposure 
to  disease. 

“Network  management  and  network  groom¬ 
ing  will  absolutely  come  into  play  if  we  have  a 
significant  number  of  people  living  in  shelters 
or  staying  at  home  to  work,”  he  said.  “A  pan¬ 
demic  is  rather  similar  to  the  aftermath  of  what 
happens  during  a  natural  disaster  such  as  a 
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hurricane.  Carriers  need  to  determine  where 
public  safety  needs  the  most  help,  and  also 
where  key  911  facilities  and  key  hospitals  are 
located.  From  there  they  can  boost  key  cellular 
signals  depending  on  the  circumstances.” 

Robert  Mayer,  the  vice  president  of  industry 
and  state  affairs  for  the  U.S.  Telecom  Asso¬ 
ciation,  said  carriers  and  ISPs  would  face  sig¬ 
nificant  difficulties  in  limiting  the  amount  of 
high-bandwidth  traffic  that  occurred  in  resi¬ 
dential  areas  during  a  pandemic.  Because  resi¬ 
dential  areas  are  out  of  the  control  of  corpo¬ 
rate  IT  departments  and  aren’t  equipped  with 
the  same  traffic-shaping  capabilities  as  enter¬ 
prise  networks,  carriers  would  either  have  to 
directly  interfere  with  Web  traffic  or  at  least 
educate  people  on  what  they  should  and 
should  not  be  downloading  during  national 
emergencies,  Mayer  said. 

In  particular,  Mayer  said  people  would  have 
to  be  told  not  to  stream  videos  or  use  peer-to- 

See  Pandemic,  page  24 
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Pandemic 

continued  from  page  22 

peer  technology  that  could  clog  the  local  net¬ 
work  and  prevent  basic  communications  such 
as  e-mail  from  getting  through.  While  Mayer 
acknowledged  that  the  network  neutrality 
debate  has  made  some  carriers  “nervous” 
about  giving  priority  to  certain  traffic,  he  said  in 
a  true  national  disaster,  the  FCC  would  give  car¬ 
riers  leeway  to  shape  traffic  to  give  vital  Web 
communications  the  highest  priority 

‘As  people  migrate  to  a  residential  usage  area 
for  work,  we  could  see  traffic  patterns  that  go 
way  beyond  our  normal  peak  traffic  hours,”  he 
said.  ‘And  if  that  happens,  we’re  going  to  see 
some  congestion.  We  don’t  know  how  many 
children  will  be  home  and  trying  to  access  the 
Internet  along  with  their  parents.” 

But  even  if  carriers  were  allowed  to  shape 
traffic,  Mayer  acknowledged  that  there  would 
be  severe  limits  to  what  they  could  accom¬ 
plish.  For  example,  he  noted  that  it  would  be 
impossible  for  carriers  to  know  whether  some¬ 
one  was  working  from  home  as  a  physician 
and  needed  quick  access  to  important  med¬ 
ical  information,  or  whether  someone  working 
from  home  worked  in  retail. This,  he  and  other 
panelists  agreed,  is  why  carriers  and  ISPs 
would  need  to  effectively  communicate  to 
the  public  what  is  and  what  is  not  smart  pro¬ 
tocol  for  communicating  during  a  national 


emergency. 

Andy  Skotdal,  the  president  and  general 
manager  of  radio  station  KRKOAM  in  Everett, 
Wash.,  said  he  and  fellow  members  of  the 
National  Association  of  Broadcasters  would 
play  a  critical  role  in  educating  the  public  on 
the  best  ways  to  keep  communications  net¬ 
works  effective  and  fast.  Specifically,  Skotdal 
said  radio  and  television  broadcasters  would 
have  to  take  the  lead  in  giving  the  public 
important  knowledge  that  could  prevent  them 
from  inadvertently  sabotaging  their  own 
attempts  to  get  into  contact  with  friends  and 
loved  ones. 

“For  instance,  people  need  to  be  told  during 
an  earthquake  what  to  do  if  you  pick  up  a 
phone  and  you  don’t  immediately  get  a  dial 
tone,”  he  said.  “Most  people  don’t  know  that 
the  solution  is  to  hang  onto  the  phone  and 
wait  for  the  dial  tone  to  come  on  . . .  because 
if  you  keep  hanging  up  and  trying  to  recon¬ 
nect  over  and  over  again,  you ’re  going  to  over¬ 
load  the  switch.” 

Guttman-McCabe  expressed  a  similar  senti¬ 
ment  and  said  the  public  needs  to  be  educated 
on  similar  protocols  for  wireless  services.  One 
of  the  key  problems  that  occurred  with  wire¬ 
less  networks  during  the  Sept.  11  terrorist 
attacks,  he  said,  was  that  people  would  make 
phone  calls  to  people  in  New  York  and  would 
not  hang  up  after  making  contact  for  fear  of 
not  being  able  to  reconnect  to  the  network. 


The  message  needs  to  get  out  that  if  you  make 
a  call  during  an  emergency  you  need  to  make 
contact  and  then  hop  off  the  network  to  make 
room  for  everyone  else,  he  said. 

But  Ron  Laudner  Jr.,  the  CEO  for  telco  Omni- 
Tel  Communications  in  Iowa,  said  changing 
user  behavior  was  only  part  of  navigating  a  cat¬ 
astrophe  such  as  a  pandemic.The  other  impor¬ 
tant  factor,  he  said,  was  that  carriers  rearrange 
their  priorities  to  act  more  as  public  service 
vehicles  rather  than  competitive  enterprises. 
This  means  working  more  with  competitors 
and  government  agencies,  giving  enterprise¬ 
like  off-site  storage  and  VPN  capacity  to  more 
residential  areas  to  accommodate  teleworkers, 
and  even  temporarily  forgoing  the  profit 
motive. 

“In  a  pandemic,  the  last  thing  I  will  do  is  worry 
about  sending  a  bill  to  a  customer?  he  said.B 
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Is  ‘green  IT’  real?  ...  As  real  as  your  bottom  line 


A  few  weeks  back,  I  wrote  about  the  rise  of 
green  tech.  Many  folks  have  been  asking 
me  how  real  this  trend  is.  I’m  not  sure 
what  they  mean  by  “real”  (I’m  a  virtual  gal, 
myself),  but  here’s  my  best  shot  at  an  answer. 

Green’s  as  real  as  it 
gets,  baby  Sure,  people 
can  dicker  over 
whether  global  warm¬ 
ing  is  really  occurring, 
and  if  so  whether  it’s 
due  to  human  activi¬ 
ties.  And  we  can 
debate  whether  the 

concept  of  “peak  oil”  actually  exists,  and  if  so, 
whether  we  reached  it  in  2004,  or  we’ll  reach  it  in  2014.  But  one  trend 
that’s  indisputable  is  that  the  cost  of  energy  will  continue  to  increase, 
at  least  for  the  foreseeable  future. 

And  here’s  the  kicker:  Pretty  much  any  industry  is  essentially  a 
machine  that  turns  energy  into  useful  stuff.  General  Motors  and  Toyota 
turn  energy  into  cars.  IBM  and  HP  turn  energy  into  servers.  And  we  in 
IT  turn  energy  into  information. 

As  any  good  CFO  will  tell  you,  any  time  the  cost  of  a  significant  raw 
material  is  increasing,  it’s  time  to  reassess  your  business  practices. 
There  are  only  a  handful  of  ways  to  cope:  You  can  pass  along  the  cost 
to  your  customers,  which  works  until  they  can  no  longer  afford  to  buy 
what  you’re  selling.You  can  hold  the  line  on  costs  and  absorb  the  hit 
on  your  margins,  which  works  until  you  can  no  longer  afford  to  pro¬ 
duce  what  you’re  selling.  Or, you  can  reduce  your  consumption  of  the 
expensive  resource. 

Enter  green.  As  I  noted  previously  for  most  companies,  green  isn’t 


about  saving  the  world  —  it’s  about  saving  your  company  money,  pri¬ 
marily  (but  not  exclusively)  by  reducing  energy  costs. 

How?  Investing  in  key  technologies  helps.  Server  and  desktop  virtu¬ 
alization  can  maximize  computer  utilization,  for  example.  Maximizing 
utilization  matters  because  machines  consume  power  even  when 

they’re  idle  —  so  it’s  better  to  have  20  servers 
at  full  utilization  than  100  servers  at  20%.  And 
automated  power  management  makes  it  easy 
to  power  unused  machines  down  (or  off). 

But  it’s  really  how  you  use  these  technolo¬ 
gies  that  makes  the  difference. Two  key  points 
stand  out  from  the  research  I’ve  been  doing  in 
this  area.  First  is  that  knowing  what  to  do  isn’t 
the  same  as  doing  it.  Just  13%  of  IT  executives 
at  the  companies  I  work  with  actually  know 
their  data  center  utility  bills,  for  example.  And  a  mere  3%  are  powering 
unused  servers  down. The  situation’s  a  bit  better  on  the  desktop  front 
—  fully  half  the  folks  turn  off  desktops  at  least  some  of  the  time. 

Second,  policies  matter.  Simply  having  a  telecommuting  policy  in 
place  increases  the  number  of  telecommuters  by  37%,  for  example. 
(Note  that  telecommuting  may  not  result  in  significant  cost  savings  for 
companies,  unless  they  also  eliminate  facilities  at  the  same  time.)  Yet, 
nearly  80%  of  the  companies  I  work  with  don’t  have  a  green  policy  in 
place  —  even  one  as  simple  as  “We  will  reduce  costs  by  optimizing 
our  energy  consumption”. 

So  yes,  green  is  real.  And  we’ve  only  just  begun  to  see  how  it  will 
change  things. 

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 
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how  it  will  change  things.55 
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Privacy,  security  issues 
darken  cloud  computing 


RISK  &  REWARD 

Andreas  Antonopoulos 
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i  nterprises  are  increasingly  interested  in 
cloud  computing  as  a  potential  solution  to 
i  capacity  challenges.The  idea  is  that  if  you 
have  a  virtualized  data  center,  the  cloud  could 
potentially  be  an  “overflow”  data  center  where 
you  expand  capacity  during  periods  of  high 
demand.  If  the  cloud  can  extend  your  data  cen¬ 
ter,  then  you  don’t  need  to  build  another  one 
or  increase  the  capacity  of  the  one  you  have 
just  to  handle  intermitted  spikes  in  computing 
demand. 

It’s  a  great  idea,  at  least  in  theory.  A  few  of  the 
companies  that  Nemertes  Research  advises  are  looking  into  cloud 
computing  and  trying  to  decide  how  to  approach  it.  Cloud  offers  the 
possibility  of  computing  capacity  on-demand,  effectively  a  dial  that 
you  can  tweak  to  increase  or  decrease  capacity  while  paying  only  for 
what  you  use.  Not  only  can  this  save  money  on  infrastructure,  but 
much  more  importantly  it  provides  flexibility  for  launching  applica¬ 
tions  or  business  lines  with  minimal  capital  investment. 

Many  of  the  key  challenges  on  cloud  computing  arise  at  the  border 
between  your  infrastructure  and  the  cloud.  How  do  you  move 
resources  from  one  side  to  the  other?  Is  the  cloud  application  depen¬ 
dent  on  storage  that  resides  on  your  side  of  the  border?  What  impact 
will  that  have  on  the  bandwidth  requirements?  And  how  do  you  seam¬ 
lessly  move  virtual  machines  between  the  cloud  and  your  data  center 
as  demand  fluctuates?  These  are  all  valid  and  interesting  questions.  But 
an  even  larger  question  looming  like  a  dark  cloud  on  the  horizon  is 
that  of  jurisdiction  and  legal  status.  Is  stuff  in  the  cloud  on  the  same 
legal  footing  as  stuff  in  your  data  center? 

It  turns  out  that  stuff  in  the  cloud  is  not  on  the  same  legal  footing  as 
stuff  in  your  data  center.  Unfortunately  the  legal  precedents  being  set 
around  the  country  are  potentially  devastating  for  enterprise  adoption 
of  cloud  computing.The  executive  branch  is  repeatedly  taking  the 
position  that  data  stored  in  the  cloud  does  not  have  the  same  assump¬ 
tions  of  privacy  and  due  process  as  does  data  stored  in  your  own  infra¬ 
structure.  The  fact  that  you  put  the  data  “out  there”  somehow  strips  any 
“expectation  of  privacyT  which  is  a  key  criterion  for  the  level  of  due 
process  protection  (based  on  my  limited  understanding  of  law).  A 
recent  decision  by  the  Sixth  Circuit  Court  of  Appeals  (Warshak  v  US) 
seemed  to  agree  to  this  idea  of  a  lower  “expectation  of  privacy”. 

For  now,  these  rulings  have  been  made  against  individuals,  not  corpo¬ 
rations  and  in  regards  to  e-mail,  not  files  or  databases.  But  the  prece¬ 
dents  are  being  set  in  a  way  that  makes  cloud  computing  a  difficult 
proposition,  both  for  security  professionals  and  compliance  auditors. 

In  corporate  terms,  privacy  is  often  a  regulatory  compliance  impera¬ 
tive.  When  looking  at  cloud  computing  you  need  to  consider  whether 
you  still  have  a  “reasonable  expectation  of  compliance”. 


Antonopoulos  is  a  senior  nice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm.  He  can 
be  reached  at  andreas@nemertes.com. 


Cloud  computing  event 

The  software-as-a-service  market  is  heating  up,  led  initially 
by  small  to  midsize  businesses  but  with  mid-to-large  compa¬ 
nies  quickly  following.  SaugatuckTechnology  research  shows 
that  between  2009  and  2012,  at  least  40%  of  mid-to-large  enter¬ 
prises  will  evaluate  SaaS-based  "core"  financial  systems. 
Learn  more  by  attending  IT  Roadmap:  San  Francisco  on  Nov. 

17  for  free.  Qualify  at: 
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Business  processes  and  services  leave  a  measurable  carbon  footprint.  So  how  do  you 
increase  control  and  visibility  of  those  processes  while  limiting  their  carbon  impact?  With 
IBM’s  Smart  SOA“  approach.  It  helps  you  optimize  resources  and  break  inefficient,  siloed 
applications  into  reusable  services-giving  you  greater  agility  across  business  processes 
and  IT  infrastructures.  Companies  like  Citigroup  have  reduced  application-processing  time 
from  two  weeks  to  two  days.  Process  efficiency  goes  up.  Energy  costs  go  down.  A  greener 
world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


Making  role  management  work 


TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


BY  DEEPAK  TANEJA 

any  IT  security  professionals  still  regard  role-based  access  and 
identity  management  as  hopelessly  complex  because  the  predom¬ 
inantly  manual  approach  used  to  review  and  manage  roles  is  not 
scalable  and  because  of  the  dynamic  nature  of  jobs,  roles  often  get  out  of 
sync  with  reality 


M 


The  challenge  of  discovering  established 
roles,  defining  new  roles, connecting  roles  to  IT 
infrastructure,  ensuring  roles  meet  compliance 
requirements  and  managing  roles  through 
their  natural  life  cycles  has  proved  to  be  too 
complicated  and  cumbersome  to  be  practical. 
As  a  result,  many  have  written  off  the  roles  con¬ 
cept  as  a  failure.  But  roles  are  essential  for 
sound  governance,  and  the  right  roles-based 
access  governance  systems  can  simplify  an  IT 
security  manager’s  job. 

There  are  three  key  objectives  to  determining 
the  success  of  any  roles-based  access  and 
identity  management  initiative: 

1.  The  people  who  manage  roles  should  un¬ 
derstand  them.  Role  definitions  should  de¬ 
scribe  in  simple  terms  what  a  person  assigned 
to  that  role  does. 

2.  Roles  should  simplify  users’  view  of 
access.  Everyone  that  uses  the  roles-based 
access  governance  system  should  be  able  to 
see  easily  who  has  access  to  what  and  under¬ 
stand  whether  that  access  is  appropriate. 

3.  Roles  should  make  the  management  of 
access  more  effective.  Roles  should  speed  up 
access  delivery  because  adding  a  user  or  mak¬ 
ing  a  change  to  user  access  is  now  expressed 
by  what  roles  the  person  has,  which  simplifies 
administration.  Additionally,  leveraging  roles 
makes  compliance  easier  because  clear  vis¬ 
ibility  exists  for  what  is  appropriate  and  inap¬ 
propriate  access. When  entitlements  are  added 
to  a  role,  or  roles  are  combined,  decision  sup¬ 
port  is  provided  to  proactively  identify  poten¬ 
tial  compliance  violations  or  risks.  The  best 
way  to  accomplish  these  objectives  and  estab¬ 
lish  the  best  role  set  for  your  organization  is  to 
follow  these  steps: 

•  Engage  key  stakeholders  who  are  involved 
with  governing  user  access.  Their  input  is 
essential  to  create  a  framework  that  drives 
what  business  abstractions  will  form  the  basis 
for  representing  access  to  information  re¬ 
sources,  as  well  as  for  role  discovery  and  mod¬ 
eling.  These  abstractions  are  tied  to  business 
context  —  such  as  job  context, process  context 
and  compliance  context  —  or  technical  con¬ 
text  scoped  to  a  subset  of  the  IT  infrastructure. 
Collaboration  on  a  role  framework  and  role 
design  between  IT  security  teams  and  the  busi¬ 
ness  will  ensure  the  best  chance  of  success 


when  roles  are  put  into  production. 

•  Determine  the  existing  access  entitlements 
of  all  users.  It  is  critical  to  have  an  automated 
access-governance  system  that  can  collect 
data  from  every  possible  repository  of  user  en¬ 
titlements,  normalize  and  aggregate  the 
data,  and  then  put  it  into  a  user-friendly  busi¬ 
ness  context. 

•  Effective  role  design,  combining  business 
and  technical  roles.  An  effective  approach 
for  modeling  roles  requires  the  creation  of 
business  roles  that  are  then  layered  over 
technical  roles.  This  hybrid  approach 
enables  top-down  business  roles  to  be  linked 
to  detailed  entitlements  within  various  infor¬ 
mation  resources,  which  creates  a  common 
language  for  access  that  can  be  clearly 
understood  by  all  stakeholders  in  the  access- 
governance  process.  As  you  begin  the  pro¬ 
cess,  bear  in  mind  that  having  fewer  roles 
usually  yields  greater  efficiency.  Don’t  worry 
about  trying  to  get  it  right  the  first  time. 
Assemble  your  first  roles  model  based  on  the 
stakeholders’  input  and  move  on  to  testing  it 
by  reconciling  the  roles  to  the  reality  of  ac¬ 
cess  that  the  users  in  that  role  actually  have. 
The  idea  is  to  learn  as  you  go,  not  to  achieve 
perfection  immediately. The  sooner  you  start 
modeling  and  testing,  the  sooner  you’ll  get 
where  you  want  to  go. 

•  Examine  the  results.  An  automated  role¬ 
modeling  system  is  essential  for  this.When  you 
are  able  to  see  the  pattern  into  which  your 
users  are  arranged  by  your  set  of  role  defini¬ 
tions,  you  can  start  the  process  of  reviewing 
each  role  with  these  considerations  in  mind: 

•  How  well  does  the  role  simplify  the  view  of 
access?  Consider  how  many  users  are  assigned 
to  the  role.  Any  roles  with  zero  users  should  be 
eliminated, and  those  that  contain  only  a  hand¬ 
ful  should  be  candidates  for  elimination. 

•  How  accurate  is  the  role?  It  should  have  a 
low  number  of  missing  entitlements.  Look  for 
users  whose  role  assignment,  according  to 
your  definition,  doesn’t  seem  to  be  a  good  fit 
with  their  job  functions,  or  who  don’t  use  the 
access  given  to  them  by  the  role. 

•  Is  the  role  unique?  If  there  are  other  roles 
with  similar  user  sets  or  that  describe  similar 
access,  you  may  want  to  collapse  them  into  a 
single  role  definition.  Could  the  role  be  ex¬ 


panded?  Look  for  users  who  could  be  added 
to  the  role,  and  consider  whether  there  is  new 
common  access  that  should  be  added. 

•  How  many  out-of-role  entitlements  does 
your  model  yield?  While  trying  to  eliminate 
them  altogether  usually  leads  to  excessive  role 
proliferation,  too  many  out-of-role  entitlements 
create  unnecessary  work. 

•  Repeat  as  necessary  with  revised  role  defi¬ 
nitions.  Role  modeling  is  an  iterative  process. 
Even  if  the  results  of  your  initial  models  are  not 
ideal, you  will  be  learning  with  each  round.You 
also  should  have  a  process  for  fine  tuning  roles 
by  combining  or  adjusting  them  based  on  fac¬ 
tors  such  as  the  number  of  members  within  a 
given  role,  the  number  of  entitlements  that  are 
out-of-role,  the  inherent  risk  level  of  the  role, 
and  simplification  of  administrative  complex¬ 
ity  of  roles. 

•  Establish  ownership.  By  transforming  a 
technical  view  of  access  into  a  business  view 
through  the  language  of  business  roles,  respon¬ 
sibility  and  accountability  for  maintaining  as 
well  as  certifying  roles  can  be  moved  out  of  IT 
and  driven  into  the  business.  Having  business 
units  maintain  their  own  roles  is  appropriate, 
because  business  managers  best  understand 
what  access  is  required  for  a  particular  job  or 
process  and  how  changes  within  the  business 
should  be  reflected  in  role  changes. 

•  Continuously  manage  roles  over  their  life 
cycle.  It  is  essential  to  understand  that  role 
management  is  not  a  project  with  a  beginning 
and  an  end,  but  a  continuing  process.  There 
will  be  frequent  changes  in  the  organization, 
the  technology  it  employs,  and  the  general 
business  climate  in  which  it  operates,  and  the 
language  of  roles  and  the  role  definitions 
themselves  must  change  along  with  these  vari¬ 
ables  to  ensure  that  roles  reflect  the  current 
reality  at  any  given  time. 

•  Keep  it  simple.  Real-world  attempts  to  im¬ 
plement  role-based  systems  have  shown  that, 
unless  roles  fit  into  a  context  that  ties  togeth¬ 
er  existing  entitlements,  company  policies, 
regulatory  requirements  and  business  pro¬ 
cess  realities,  they  don’t  work.  Without  this 
context,  the  result  is  a  system  that  can’t  keep 
pace  with  changing  business-user  require¬ 
ments,  and  that  can  leave  the  organization 
open  to  unacceptably  high  levels  of  risk. 

By  keeping  your  roles  initiative  within  the 
scope  of  the  steps  outlined  above,  you  will 
maximize  your  chances  of  developing  a  role- 
set  that  lowers  your  organization’s  user-access- 
related  risk  level,  gains  wide  acceptance 
throughout  the  enterprise, and  reduces  the  bur¬ 
den  on  the  IT  security  organization. 

Taneja  is  the  founder,  president  and  CTO  of 
Aveksa  (www.  aueksa.  com ). 
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your  business  is  credible,  safe  and  trustworthy. 
With  one  click,  visitors  can  easily  read  reviews 
and  write  comments. 
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Google’s  Chrome:  Ohhh!  Shiny! 
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GEARHEAD 

Mark  Gibbs 


Following  my  Gearhead  column  two  weeks 
ago  about  browsers,  a  number  of  people 
posted  comments  online  complaining  that  1 
never  got  around  to  discussing  Googles  Chrome 
despite  having  started  out  by  mentioning  it.  I 
particularly  liked  the  title  of  the  first  comment: 
“Are  you  retarded?”  To  all  of  these  nice,  polite 
posters:  I  ran  out  of  space.  So  sue  me. 

In  that  column  I  discussed  Firefox  browser  add¬ 
ons, and  if  I  had  space, I  would  have  pointed  out  that  while  Chrome  sup¬ 
ports  the  most  popular  plug-ins  (including  Flash,  Acrobat  Reader,  Java, 
Windows  Media  Player, Real  Player, QuickTime  and  Silverlight), it  doesn’t 
support  sophisticated  Firefox-like  add-ons. Yet. 

So,  let’s  see,  what  is  this  new-fangled  Chrome  thing  all  about?  It  is  a  fast, 
beta,  open  source  Web  browser  for  Windows  (OS  X  and  Linux  are 
planned)  released  under  the  BSD  License,  which  means  you  can  use  the 
code  as  part  of  a  proprietary  commercial  product.  It  provides  a  very 
sparse  tab-based  interface  that  eschews  (really)  the  normal  menu  bar 
(unlike  Internet  Explorer,  which  just  hides  it). 

Chrome  also  has  built-in  support  for  Google  Gears,  which  lets  you  save 
a  special  type  of  shortcut  for  Web  sites.  Using  Google  Gears  technology 
these  shortcuts  encapsulate  Web  content  for  both  online  and  off-line 
use,  creating  what  are  more  like  applications  than  Web  pages. 

Chrome  is  the  result  of  the  Chromium  project,  and  despite  the  current 
Chrome  release  being  for  Windows  only  CodeWeavers  has  released 
Crossover  Chromium  which  implements  Chromium  natively  on  OS  X 
and  Linux.  CC  (as  its  adherents  may  call  it)  was  created  using 
CodeWeavers’ Wine  development  system. 

One  important  difference  that  CodeWeavers  notes  is  that  Crossover 
Chromium,  unlike  Chrome,  doesn’t  have  automatic  updating.  This  may 


sound  like  a  deficiency  except  that  in  Chrome  automatic  updating  is  just 
that  —  automatic,  as  in  every  five  hours  where  possible. When  a  new  ver¬ 
sion  that  implements  bug  fixes  and  or  security  updates  is  available, 
Chrome  will  download  it  and  update  itself  on  the  next  restart.  And  it  will 
do  all  of  that  without  bothering  to  tell  you  what  changed. 

Google’s  rationale  for  this  is:  “When  there  are  security  fixes,  it’s  crucial 
that  we  update  our  users  as  quickly  as  possible  in  order  to  keep  them 
safe. Thus,  it’s  important  for  us  to  not  require  user  intervention. . .  .There 
are  some  security  fixes  that  we’ll  keep  quiet  because  we  don’t  want  to 
disclose  security  vulnerabilities  to  attackers.  .  .  .  For  major  version 
updates,  when  feature  changes  are  involved,  we’ll  explore  options  for 
providing  users  with  more  details  about  the  changes." 

It  will  be  interesting  to  see  how  this  automatic-update  strategy  evolves 
as  Chrome  matures. The  problem  is  that  software  updates  being  imple¬ 
mented  unilaterally  by  a  vendor  is  not  consistent  with  the  policies  of 
many  enterprise  IT  groups  that  require  regression  and  compatibility  test¬ 
ing.  In  other  words,  this  update  method  is  not  suitable  —  at  least  in  its 
current  form  —  for  production  IT  environments. 

The  whole  Chrome  project  is,  so  far,  quite  a  distance  from  something 
enterprises  would  want  to  make  a  serious  bet  on,  but  the  potential  is 
what  Google  is  offering.  Google  has  stated, “What  we  really  needed  was 
not  just  a  browser,  but  also  a  modern  platform  for  Web  pages  and  appli¬ 
cations,  and  that’s  what  we  set  out  to  build." 

Chrome  might  not  be  a  threat  to  Microsoft’s  Internet  Explorer  today  or 
even  tomorrow,  but  there  will  come  a  time  in  the  near  future  when  it  has 
matured  into  Google’s  platform  vision.  With  Google’s  weight  behind  it, 
well, your  enterprise  is  going  to  have  to  pay  attention. 

Gibbs  pays  attention  in  Ventura,  Calif.  Tell  him  what's  attracting  your 
attention  at  gearhead@gibbs.com. 


Two  travel  gadgets  that  hit  the  spot 

R 


COOL 


ecent  travels  have  given  me  the  chance  to 
try  out  some  of  the  latest  gadgets,  and 
these  two  help  make  it  easier  to  recharge 
my  other  gadgets  when  I’m  on  the  road. 

The  scoop:  Mini  Battery  Pack  and  Charger  for 
iPhone  and  iPod,  by  Kensington,  about  $50. 
What  it  is:  A  snap-on 
_  lithium-ion  recharge¬ 
able  battery  pack  for 
iPhone  and  iPod  models  that  use  the 
Universal  connector.  The  company  says  the 
pack  can  extend  the  device  for  as  many  as 
30  hours  for  music,  six  hours  for  video,  or 
three  extra  hours  of  talk  time. When  attached 
to  an  iPhone  or  iPod  at  the  bottom  of  the 
device,  the  Kensington  battery  recharges  the 
music  player  or  phone.  A  USB  port  on  the 
battery  lets  you  recharge  the  battery  and  the 
iPod/iPhone  simultaneously  when  connect¬ 
ed  to  a  PC  via  an  included  retractable  USB  charging  cable.  An  LED  meter 
on  the  battery  pack  tells  you  how  much  power  is  left  on  the  device. 

Why  it’s  cool:  As  many  iPhone  3G  owners  can  attest,  the  battery  life  on 
them  is  short-lived  if  they  are  trying  to  connect  to  the  3G  network  all  day 
Heavy  usage  on  the  phone  and  data  networks  can  drain  the  battery 
quicklyso  it’s  nice  to  have  a  handy  battery  pack  that’s  extremely  portable 
as  well. The  small  size  makes  it  easy  to  throw  into  a  laptop  bag  or  your 
pocket,  and  it  beats  having  to  power  up  a  laptop  or  carry  around  a  bulki¬ 
er  power  cord  for  recharging  the  iPhone  or  iFbd  on  the  fly 
Some  caveats:  I  wouldn’t  recommend  this  as  your  only  power  source 
for  recharging  an  iPhone  or  iFbd  on  long  trips,  but  this  works  well  as  an 
emergency  power  source  until  you  can  find  a  power  outlet  for  long-term 
recharging. 


Grade:  ★★★★★  (out  of  five) 

The  scoop:  Mini  Surge  Protector  with  USB  Charger,  by  Belkin,  about 

$25. 

What  it  is:  This  device  provides  mobile  travelers  with  three  extra  power 
outlets  and  two  USB  charging  ports  in  a  portable  form  factor. The  “brick” 

includes  a  rotatable  plug  that  can  be  adjust¬ 
ed  to  horizontally  or  vertically  fit  into  regular 
power  outlets  conveniently  to  provide  extra 
outlets  quickly 

Why  it’s  cool:  When  I’m  on  the  road,  one 
of  the  first  things  I  do  upon  entering  my 
hotel  room  is  go  on  a  search  mission  to  find 
all  of  the  extra  power  outlets  so  I  can 
recharge  my  phone,  iPod,  laptop  and  other 
gadgets.  Often,  the  outlets  are  hidden  behind 
the  TV  or  in  very  inaccessible  locations. 
Instead  of  bringing  along  a  bulkier  surge 
protector  power  strip,  the  Belkin  device  fits 
nicely  in  a  travel  bag, and  lets  me  recharge  all  of  my  devices  in  one  loca¬ 
tion.  I  really  like  the  addition  of  the  two  USB  charging  slots  on  the  brick, 
because  I  don’t  have  to  utilize  the  USB  ports  on  my  notebook  for 
recharging  purposes.  In  addition,  when  you’re  at  the  airport  and  power 
outlets  are  limited,  you  can  become  the  hit  of  the  road  warrior  set  by 
providing  others  with  additional  outlets  quickly  and  easily. 

Some  caveats:  If  you  have  power  adapters  that  are  the  bulkier,  brick¬ 
like  plugs,  they  may  block  additional  outlets  on  the  power  strip,  so  you 
may  still  have  to  do  the  power  outlet  treasure  hunt  in  the  hotel  room. 

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com.  Watch  Cool  Tools  videos  or 
check  out  the  Twisted  Pair  podcast  online  at  www.networkworld.com. 
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14  management 
measures  every 
WLAN  vendor 
should  provide 


BY  C.J.  MATHIAS,  FARPOINT  GROUP 

ith  enterprise-class  wireless  LANs  well  on 
the  way  to  becoming  the  preferred  —  if  not 
default  —  network  access  method  for 
organizations  across  all  industries  it’s 
imperative  that  the  software  available  to 
manage  WLAN  gear  is  up  to  the  task. 

Historically,  management  software  provided  by  individual  vendors  has  been 
the  vehicle  of  choice  for  almost  all  installations.  WLAN  vendors  have  made  sig¬ 
nificant  investments  in  their  management  tools, but  they  can  certainly  do  more. 


w 


Moving  forward,  we  believe  that  WLAN  manage¬ 
ment  will  become  the  key  differentiator  between 
otherwise  competitive  WLAN  products. 

What  should  go  into  a  WLAN  management  sys¬ 
tem,  and  how  the  resulting  functionality  should  be 
presented  to  the  user,  remains  a  matter  of  some 
debate.  Most  products  allow  some  form  of  policy- 
based  definition  of  services  available  to  a  given 
user, usually  by  grouping  users  into  classes  and  then 
defining  privileges  for  these  classes  based  on  such 
variables  as  traffic  priority  user  location,  time  of  day 
and  even  class  of  subscriber  unit. 

Most  products  implement  some  degree  of 
management  services  in  a  WLAN  switch  or  con¬ 
troller,  but  the  preferred  approach  is  to  use  man¬ 
agement  software  running  as  an  application  on 
a  server  or  ideally  an  appliance.  Given  the  large 
number  of  functional  units  required  to  construct 
enterprise-scale  WLAN  infrastructure,  a  central¬ 
ized  implementation  of  management  functional¬ 
ity  is  essential. 

Because  vendors  use  diverse  combinations  of 
management  capabilities  in  their  products,  it  is 
difficult  to  generalize  specific  classes  of  func¬ 
tionality.  But  the  following  are  key  system  man¬ 
agement  functions  that  should  be  included  in 
your  WLAN  bundle. 

1.  WLAN  planning  tools 

Most  WLAN  management  systems  allow  for  the 
importation  of  building  layouts  via  .dxf  or  similar 
files, and  some,  most  notably  Bluesockets  Wireless 
LANPlanner,  Trapeze’s  RingMaster  and  Motorola’s 
LANPlanner  (no  relation  to  Bluesocket's  prod¬ 
uct),  allow  radio-propagation  properties  to  be 
assigned  to  elements  in  the  resulting  virtual  struc¬ 
ture.  Simulations,  often  including  3D  analysis 
rather  than  simple  2D  studies  of  radio  perform¬ 
ance,  allow  for  the  automated  placement  of 
access  points. 

It  is  also  important  at  this  stage  to  consider 
throughput  requirements,  user  and  application 
loading,  and  bandwidth  required  for  time-bound 
traffic,  such  as  voice.  Unfortunately  this  type  of 
preparation  usually  involves  manually  crunching 
network  management  logs  and  basing  access  point 
count  and  placement  accordingly  We  see  this  as  a 
major  opportunity  for  enhanced  functionality 
going  forward. 

2.  Automated  deployment  options 

Auto-discovery  of  core  functional  units  such  as 
WLAN  controllers  and  access  points  (and  even 
access  points  at  remote  sites)  is  a  common  func¬ 
tion  of  most  base  WLAN  packages,  as  is  some  level 
of  automation  for  initial  setup  and  configuration  of 
WLAN  devices.  This  automation  is  particularly 
important  when  multiple  controllers  and  many 
access  points  are  involved,  as  the  manual  configu¬ 
ration  of  each  element  would  be  both  time-con¬ 
suming  and  error-prone. 

3.  Monitoring  and  control 

All  WLAN  management  tools  let  IT  staff  monitor 
and  control  radio  frequency  coverage  and  per¬ 
formance,  access  point  user  loads,  throughput,  and 
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system  performance  even  to  the  level  of  an  individual  user  or  sta¬ 
tion.  WLAN  products  do  a  great  job  of  this  today,  but  often  reflect 
the  system  vendor's  bias  as  to  what  variables  are  most  important. 
Flexibility  and  ease-of-use  are  vital  in  the  fast-paced  world  of  man¬ 
agement. 

4.  Optimization  and  extensibility 

The  number  of  variable  control  points  in  WLANs  can  be  quite 
large,  so  some  automation  in  the  analysis  of  system  behavior  and 
performance  as  well  as  some  automatic  tuning  of  the  related 
parameters  is  a  key  capability  in  any  WLAN  management  imple¬ 
mentation.  Again,  essentially  all  vendors  provide  this  feature,  as 
the  manual  configuration  of  access  points  would  be  suboptimal  if 
not  impossible. 

Enterprise-class  WLAN  management  systems  must  also  provide 
interfaces  to  external  databases,  including  those  for  directory  serv¬ 
ices  and  authorization,  and  enable  the  export  of  management 
data,  with  appropriate  security  to  external  network  management 
systems  and  analysis  tools. 

Given  all  of  these  requirements  for  potential  installation-specific 
connectivity, standard  database  (e.g., SQL  Server)  functionality  and 
support  for  interchange  file  formats  (such  as  CSV  and  Microsoft 
Excel)  are  essential.  Almost  all  WLAN  management  tools  support 
external  interfaces  to  varying  degrees. 

5.  Reporting  and  logs 

Producing  logs  and  management  reports  is  a  vital  function  of 
any  network  management  system.  Log  entries  must  include  all 
changes  to  configuration  and  recordable  events  as  enabled  by  the 
management  system  vendor  and  designated  by  network  opera¬ 
tions  staff.  Reports  reflect  network  behavior  over  time, such  as  num¬ 
ber  of  users,  throughput  analysis  and  security  events.  Several  WLAN 
management  products,  such  as  Cisco’s  5.1  release  of  its  WCS  man¬ 
agement  suite,  have  the  ability  to  produce  regulatory  compliance 
reports,  such  as  for  Payment  Card  Industry  standards  (in  Cisco's 
case)  or  the  Sarbanes-Oxley  Act. 

6.  RF  spectrum  management 

While  initial  RF  configuration  is  important, its  similarly  important 
to  be  able  to  reconfigure  RF  parameters  automatically  should  an 
access  point  fail,  a  new  access  point  be  added  or  interference  be 
detected.  The  detection  of  interference,  and  resulting  actions  to 
notify  operations  staff  and  reconfigure  access  points  as  required,  is 
a  major  opportunity  today  Note,  however,  that  this  involves  special¬ 
ized  (not  Wi-Fi)  radio  hardware  to  detect  non-Wi-Fi  interference. 
While  we  believe  that  interference  will  become  an  increasing  chal¬ 
lenge,  no  vendor  has  integrated  this  Layer-1  monitoring  into  the 
WLAN  management  system  —  although  Cisco  has  the  technology 
in  its  Spectrum  Expert  product  and  has  discussed  integrating  this 
capability  into  management  software. 

7.  Security 

WLAN  security  management  implementations  tend  to  be 
rather  elaborate,  a  direct  outcome  of  the  historical  and  always- 
present  concerns  over  wireless  security.  WLAN  management  sys¬ 
tems  universally  include  the  ability  to  set  security  policy,  and 
many  include  firewalls,  links  to  upper-layer  encryption  and 
authentication  (such  as  RADIUS),  intrusion  detection/preven¬ 
tion  systems  (which  remains  available  in  dedicated  form  for 
redundancy  and  auditing  purposes),  rogue  access  points  and 
ad-hoc  client  detection  and  mitigation,  and  detection  of  spoofed 
Service  Set  Identifiers  (SSID). 

Note  that  802.11  encryption  (such  as  WPA  and  WPA2)  and 
authentication  is  always  supported  but  is  not  sufficient  for  ade¬ 
quate  security  —  hence  the  requirement  for  management  systems 
to  support  all  of  the  other  functionality  noted  here. 

In  addition, some  products,  including  those  from  Aruba  Networks 


and  Meru  Networks,  are  certified  compliant  with  the  FIPS  140-2 
government-level  “sensitive  but  unclassified”security  specification, 
with  appropriate  management  interfaces.  We  encourage  its  use  in 
commercial  settings  as  well. 

8.  Mobility  management 

This  category  includes  tools  that  help  IT  support  roaming,  load 
balancing  and  session  persistence.  These  elements  are  unique  to 
WLANs,  and  allow  connections  to  be  maintained  and  optimized  as 
users  roam  between  access  points.  Note  that  roaming  events  can 
be  defined  as  acceptable  even  over  long  periods  of  time,  for  exam¬ 
ple,  between  widely  spaced  geographies  —  hence  the  need  for 
persistence. 

A  recent  addition  to  this  capability  includes  the  integration  of 
management  functions  for  network-based  applications,  as  is  seen 
in  Ciscos  3300-series  Mobility  Services  Engine  (MSE).  The  MSE 
provides  a  home  for  applications,  moving  them  into  the  network  in 
a  physical-layer-independent  fashion  and  thus  making  them  trans¬ 
parently  available  irrespective  of  access.  We  expect  significantly 
more  upper-layer  functionality  to  be  included  in  WLANs  in  the 
future,  redefining  the  services  of  WLAN  management  systems  that 
make  these  work. 

9.  Troubleshooting  and  remediation 

Again,  with  so  many  possible  configuration  and  environmental 
variables,  support  for  problem  detection  and  resolution  is  essen¬ 
tial.  Key  features  here  include  alerts  and  alarms,  reliability  services 
and  ties  to  external  management  interfaces. 

As  is  the  case  with  wired  network  management,  it’s  important  to 
be  able  to  view  (and  log)  alert  messages  and  alarm  conditions 
and  specify  how  these  should  be  handled.  All  of  the  products 
we’ve  used  do  a  good  job,  with  the  key  variable  being  how  the 
alerts  and  alarms  are  presented  to  the  user. 

Most  enterprise-class  WLANs  systems  can  be  reconfigured  by 
their  management  systems  in  the  event  of  the  failure  of  a  controller 
or  access  point.  In  the  case  of  controller,  a  standby  unit  is  required, 
but  access  points  can  automatically  be  reconfigured  in  terms  of 
channel  and  transmit  power.This  can  result  in  a  loss  of  capacity  but 
not  coverage  if  the  access  points  are  spaced  closely  enough.  This 
automated  response  to  a  critical  condition  minimizes  the  load  on 
operations  staff,  eliminating  the  need  for  traditional  troubleshoot¬ 
ing  procedures. 

16.  Accessible  interface 

Enterprise-class  management  tools  are  increasingly  being  imple¬ 
mented  as  Web  services,  with  a  browser  interface.  This  extends 
access  even  to  handheld  wireless  devices,  allowing  a  high  degree 
of  flexibility  with  (when  properly  implemented)  no  compromise 
of  security  or  integrity 

1 1.  Managing  voice  services 

Farpoint  Group  believes  that  voice  over  Wi-Fi  (Vo-Fi)  is  becoming 
a  key  driver  of  enterprise  WLAN  deployments,  and  that  this  trend 
will  accelerate  driven  by  the  increasing  availability  of  Wi-Fi  hand¬ 
sets  and  cellular  handsets  that  include  Wi-Fi  and  convergence 
functionality.  While  placing  a  relatively  low  data  load  on  the  instal¬ 
lation,  voice  management  features  must  include  capacity  plan¬ 
ning,  coverage  verification,  traffic  monitoring, and  such  capabilities 
as  call  admission  control  and  interfaces  to  IP  PBX  and  conver¬ 
gence  services. 

12.  Location  and  tracking 

A  number  of  techniques  can  be  used  to  implement  the  tracking 
of  unmodified  Wi-Fi  clients  with  good  resolution  —  even  to  within 
a  meter  or  two. This  function  is  often  implemented  with  a  separate 
appliance, but  with  the  management  of  this  hardware  as  part  of  the 

See  Wireless,  page  36 
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Microsoft 


taking  on  man-eating 
plants,  easy. 


taking  on  security 
threats,  easier. 


1.  Know  your  leafy  enemy. 

What  changed  your  dusty,  dried-out  office 
plant  into  a  bloodthirsty  menace?  Will  you 
be  held  responsible  for  the  workloads  of 
your  devoured  coworkers? 


1.  Implement  Microsoft  Forefront?' 
Forefront  makes  defending  your  systems  easier. 
It’s  a  comprehensive,  simple-to-use,  integrated 
family  of  products  that  helps  provide  protection 
across  your  client,  server,  and  network  edge.  For 
case  studies,  free  trials,  demos,  and  all  the  latest 
moves,  visit  easyeasier.com 

Forefront  is  business  security  software  for  client, 
server,  and  the  network  edge. 


2.  Office  coffee. 

This  works  well  against  so  many  office  threats.  The  more  over¬ 
brewed,  reheated,  and  dirty-pot-prepared,  the  better.  Two  pots 
and  it's  over. 


3.  The  junk  food  attack. 

In  the  afternoon,  when  energy 
is  low,  raid  the  vending  machine 
and  fill  the  Man-Eating  Plant  with 
snacks,  chips,  cookies,  etc.  Puts  you 
right  to  sleep — the  Plant  too, 
we  bet. 


*♦.  Go  green. 

We  mean  literally.  Disguise  yourself  as  a 
plant — a  leafy  fern,  perhaps — to  escape 
carnivorous  Plant  scrutiny.  Helps  you 
escape  boss  scrutiny  as  well. 


5.  Weed  spray. 

This  is  generally  nasty  stuff, 
but  there  are  plenty  of  organic 
weed  sprays  on  the  market. 
And  this  is  a  Man-Eating  Plant, 
so  it  seems  justified. 
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continued  from  page  34 

WLAN  management  system  itself.  Like  Vo-Fi,  the  use  of  wireless  loca-  ! 
tion  and  tracking  is  rapidly  increasing,  with  applications  in  logistics,  ; 
warehousing, healthcare, assisted  living  facilities, and  in  basic  system  ; 
management  functions  such  as  load  balancing  and  determining  j 
when  to  hand  off  a  voice  connection  to  a  cellular  network. 

13,  Visitor  and  guest  access  I 

These  are  key  functions  in  many  facilities  today,  and  the  guest  ; 
access  system  can  be  used  to  authorize  users  with  temporary 
credentials,  revoke  access  when  required  or  at  a  predetermined  i 


time,  and  restrict  access  to  certain  parts  of  the  building  and  (typi¬ 
cally)  external  Internet  service  only  —  although  printing,  for 
example,  might  be  also  allowed.  Guest  access  functions  are 
implemented  as  an  extension  to  policy-management  functionali¬ 
ty  in  many  systems. 

14.  Multi-site  management 

Larger  organizations  require  the  ability  to  manage  WLANs  across 
multiple  floors  and  buildings,  a  campus,  and  even  multiple  sites 
that  could  easily  span  the  planet.  It's  not  a  big  technical  challenge 
to  make  this  work,  but  it  is  important  that  the  management  plat¬ 
form  scale  to  handle  multiple  servers  from  a  single  management 
console  (sometimes  called  “master  console”  functionality). 


w 


'our  platform  will  keep  pace  with  your  organiza- 
ion,  here  are  six  management-focused  opportuni¬ 
ties  to  discuss  with  your  vendor: 


B 


1.  Automation 

We’ve  spoken  with  several  vendors  about 
“click  to  fix”  functionality  similar  to  that 
implemented  in  PC  system-verification  and 
virus-scanning  tools,  with  the  suggested 
solution  implemented  quickly  and  easily. 
Today’s  management  tools  almost  always 
require  significant  training  or  at  least 
meaningful  user  experience  for  best 
results.  Experts,  wizards  and  similar  ease- 
of-use  constructs  are  an  excellent 
response  and  will  likely  become  a  com¬ 
petitive  differentiator. 


4,  Extensions  to  802.1 1 

A  number  of  working  groups  within 
802.11  are  developing  standards  that  will 
impact  the  services  that  WLAN  manage¬ 
ment  systems  offer.  Among  the  most  impor¬ 
tant  are  802.  llv  (station  management)  and 
802.1  lw  (protected  management  frames), 
but  most  upcoming  additions  to  the  stan¬ 
dard  will  have  an  impact  on  WLAN  man¬ 
agement  systems.  The  current  crop  of  addi¬ 
tions  should  be  completed  within  two 
years,  but  we  see  no  end  in  sight  to  activity 
within  802.1 1  anytime  soon. 


is  difficult  to  achieve  because  of  the  huge 
range  of  network  products  on  the  market 
(or  otherwise  installed),  the  large  amount 
of  code  to  be  written,  and  the  need  for 
inter-vendor  cooperation,  which  is  difficult 
to  obtain  in  a  highly  competitive  market 
like  networking  equipment.  This  problem 
is  best  resolved  via  an  industry  consor¬ 
tium,  and  we  believe  such  an  organization 
will  eventually  be  formed. 

Conclusion 

As  basic  radio  and  WLAN  technologies 
begin  to  mature,  product  differentiation 
will  most  easily  derive  from  system  archi¬ 
tecture  and  management-system  fea¬ 
tures.  While  the  former  can  only  be  eval¬ 
uated  via  performance  benefits  (which 
can  be  very  difficult  to  evaluate),  the  cost 
savings  realized  through  robust  and  easy- 
to-use  management  functionality  can 
make  a  real  difference  to  organizations  of 
any  size.  Good  management  systems  min¬ 
imize  operational  expense,  which  can  be 
much  greater  than  the  capital  expense 
involved  in  purchasing  the  system  to 
begin  with. 

The  key  to  successful  WLAN  deploy¬ 
ments,  and  thus  the  installation  and  oper¬ 
ation  of  what  is  rapidly  becoming  the  pri¬ 
mary  and  default  access  for  users,  is  to  get 
operations  staff  involved  in  RFP  creation 
and  equipment  evaluation  as  early  as  pos¬ 
sible.  And  what’s  key  to  them?  Why,  WLAN 
management,  of  course. 

Mathias  is  a  principal  with  Farpoint 
Group,  an  advisory  firm  specializing  in 
wireless  networking  and  mobile  communi¬ 
cations.  He  is  an  internationally  known 
consultant,  author,  and  analyst,  and  serves 
on  the  advisory  boards  of  three  industry 
events. 

He  is  also  a  regular  columnist  for  two 
publications,  including  Computerworld, 
and  his  blog,  Nearpoints,  resides  at 
Network  World.  He  can  be  reached  at 
craig  @farpointgroup.  com. 


2.  Customization 

The  standard  interface  screens  may  not 
be  what  an  operations  team  desires.  Being 
able  to  customize  user  interface  and  man¬ 
agement  reports  will  become  increasingly 
common.  Broad  customization  may  intro¬ 
duce  significant  challenges  for  vendor  sup¬ 
port  teams,  but  making  the  product  work 
like  operations  staff  want  it  to  —  with  cus¬ 
tom  menus,  monitoring  screens  and  reports 
—  will  go  a  long  way  to  meeting  the  specif¬ 
ic  needs  of  a  given  site. 

3.  Extensibility 

Extending  the  function  of  the  manage¬ 
ment  system  as  might  be  desired  by  a  given 
installation  via  APis,  XML  or  similar  tech¬ 
niques  will  increase  the  value  of  the  prod¬ 
ucts  in  increasingly  complex  enterprise 
environments.  We're  already  seeing  XML 
being  put  to  greater  use,  for  example  in  the 
AirWave  Management  Platform  (see  review 
of  AirWave  platform,  page  38)  and  in 
Bluesocket’s  management  suite.  We  believe 
that  XML  could  begin  to  replace  SNMPand 
become  the  basis  for  the  next  generation  of 
unified  management  tools. 


5.  Mobile  device  management 

Extending  network  management  to  the 
edge  of  the  network  —  to  the  individual 
mobile  device  and  its  user  —  will  also 
become  increasingly  important  over  the 
next  few  years.  Such  functions  as  initial 
configuration,  configuration  monitoring 
and  verification,  device  security  and 
integrity,  device  backup  and  lockdown, 
and  even  “zapping”  (bulk  erasing  over  the 
air)  will  eventually  become  part  of  core 
network  management  systems. 

The  bad  news  is  that  this  advance  may 
take  a  while  —  mobile  device  manage¬ 
ment  is  implemented  today  as  a  separate 
and  distinct  function  unrelated  to  wireless 
(or  wired)  LAN  management,  and  vendor 
product  managers  need  to  look  at  net¬ 
work  management  as  a  continuum  from 
device  to  server  for  this  evolution  to  take 
place. 

6.  Unified  management 

Finally,  it’s  time  to  stop  thinking  wired 
and  wireless  LAN  and  focus  just  on  the 
LAN  with  a  unified  management  strategy. 
While  this  is  a  very  important  direction,  it 
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LTX800G 


Beyond  safe 


Preserving  your  data  with  safe,  reliable  media  is  critical.  But  at  Sony, 
bringing  engineering  excellence  to  your  storage  network  is  just  the 
beginning.  Sony  LTO™  tapes  also  offer  factory  bar  coding  for  easy 
data  management.  Convenient  Library  Packs  eliminate  individual 
shrink-wrapping.  Beyond  all  this,  our  Storage  Rewards  loyalty 
program  puts  you  on  the  Sony  incentives  fast  track.  Sony  LTO  media. 
Safe,  reliable,  and  so  much  more. 

sony.com/storagerewards  and  enter  code  SRL301  for  an 
additional  500  Storage  Rewards  Points.- 
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AIRWAVE  PROVIDES  MULTI¬ 
VENDOR  WLAN  MONITORING 

While  weak  on  initial  AP  config,  but  ongoing 
monitoring  capabilities  are  useful 


w 


BY  C.J.  MATHIAS,  FARPOINT  GROUP 

hile  its  usually  desirable  to  have  a 
completely  homogeneous  wire¬ 
less  LAN  “deployment,  it  also  is 
perhaps  unrealistic  to  assume  this 
state  of  affairs  can  be  maintained 
for  an  extended  period  of  time. 
Advances  in  basic  WLAN  technologies  often 
dictate  going  out  to  bid  for  an  enterprise’s  sec¬ 
ond  or  mirdwLAN  system,  with  no  guarantee 
that  the  current  vendor  will  once  again  prevail. 

Mergers  and  acquisitions  can  present  network  operations  teams 
with  facilities  using  yet  another  WLAN  system.  An  argument  can  be 
made  that  establishing  a  vendor-independent  WLAN  management 
framework  will  reduce  costs,  lower  training  and  other  overhead 
expense,  and  provide  a  degree  of  administrative  continuity 

But  it’s  also  fair  to  ask  whether  a  single  network  management  plat¬ 
form  can  address  a  multi-vendor  scenario  with  sufficient  features 
and  flexibility  to  obviate  the  need  for  the  vendor-specific  manage¬ 
ment  applications  that  today  accompany  all  enterprise-class  prod¬ 
ucts  (see  story  on  WLAN  management  expectations,  Page  42). 

To  get  a  handle  on  this  opportunity  we  set  up  a  small  heteroge¬ 
neous  lab  configuration  and  asked  the  only  three  vendor-independ¬ 
ent  WLAN  management  vendors  —  Adventnet,  AirWave  (recently 
purchased  by  Aruba  Networks)  and  WaveLink  —  to  participate.  Only 
Aruba's  AirWave  division  responded  affirmatively  and  submitted  its 
AirWave  Management  Platform  (AMP)  release  6.0.9  software  for  test¬ 
ing.  Adventnet  did  not  respond  to  repeated  requests,  and  WaveLink 
cited  an  upcoming  software  release  that  was  outside  of  our  time 
frame  for  this  project  as  its  reason  for  not  participating. 

In  plowing  through  the  huge  set  of  capabilities  inherent  in  the 
product  (plus  a  couple  of  optional  features),  we  found  that  AMP  is 
both  easy  to  install  and  very  good  at  monitoring  WLAN  equipment 
in  a  multi-vendor  environment  on  an  ongoing  basis.They  can  easi¬ 
ly  serve  as  the  primary  management  console  once  basic  configu¬ 
ration  of  all  functional  WLAN  units  is  performed.  The  current 
release  of  AMP  essentially  requires  that  access  point  and  con¬ 
trollers  are  configured  and  operational  before  AMP’s  important 
capabilities  can  be  used. 

Test  configuration  and  objectives 

Our  test  configuration,  while  compact,  allowed  us  to  examine 
how  well  Airwave  supports  a  multi-vendor  environment.  We  used 
gear  from  AirWave's  supported-products  list,  which  included  two 
HP  ProCurve  530  APs,two  Proxim  4000  APs,  and  an  Aruba  Networks 
MMC-3600  controller  with  two  Aruba  AP120s.  We  connected  all 
units  to  an  Ethernet  switch,  and  used  a  notebook  PC  running  a 
browser  for  our  console. 

We  tested  the  appliance  version  of  AMPwhich  comes  packaged  as 
a  CentOS-based  (Linux)  dual-Xeon  1U  server.  We  almost  always  rec- 
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Product  AirWave  Management  Platform  v.  6.0.9 

Vendor  AirWave,  www.airwave.com 

Price  Starts  at  $5,995  for  25  managed  devices 

Pros  Provides  multi-vendor  monitoring  and  reporting 
tools  for  a  wide  range  of  wireless  LAN  equip¬ 
ment;  very  easy  to  install  and  set  up;  broad 
range  of  functionality  available  with  the  prod¬ 
uct's  framework,  including  rogue  AP  detection 

Cons  Weak  device  configuration  tools;  user  interface 

requires  more  customization  features;  docu¬ 
mentation  lack  table  of  contents,  index,  and  a 
quick-start  guide  (other  than  for  installation) 

Score  4.4 


SCORECARD 

Action 

Weight 

Monitoring  and  troubleshooting 

20% 

5 

Device  discovery  and 
configuration 

15% 

3 

Reporting 

15% 

5 

Installation  and  setup 

10% 

5 

Range  of  device  supported 

10% 

5 

Ease  of  use 

10% 

4 

Flexibility 

10% 

5 

Documentation 

10% 

3 

Total  score 

4.4 

Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average; 

1:  Subpar  or  not  available. 

ommend  using  a  management  appliance  if  one  is  available  so  as  to 
minimize  the  opportunity  for  setup  and  configuration  problems.  We 
needed  to  download  the  latest  version  of  the  software  for  the  appli¬ 
ance  and  burn  a  CD,  but  installation  overall  was  no  more  complex 
than  with  a  pure  software  product.  Basic  configuration  of  the  man¬ 
agement  platform  requires  little  more  than  setting  an  IP  address  and 

See  Wireless,  page  40 
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Thin  AP  technology 
Thin  1 2-mm  profile 
Fits  in  the  smallest  spaces 
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introducing  the  Wi-Jack  Duo1,"  the  world's  smallest, 
thinnest  802.11  a/b/g  wireless  access  point.  Its 
centrally  managed  thin  AP  technology  means  better 
security  and  easier  management.  The  sleek  design 
fits  unobtrusively  into  a  standard  wall  box  and 
supports  an  optional  network  port.  Thin  is  in  for  higher 
performance  in  wireless  network  performance. 

Get  the  story  on  why  the  Wi-Jack  Duo  is  the  perfect 

wireless  solution  by  calling  800-934-5432  or  visiting  fo  ORTRONICS 

www.ortronics.com/wi-jack 
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Folder:  Top  (5  Devices)  Go  to  folder:  Top  (5  Devices) 

i 

<4*  Total  Devices:  5  4-  Up:  5  ♦Down.  0  5*  Mismatched:  4  i  Users:  0  I  Avg/Device:  0  Q  Bandwidth:  1  kbps 

U««rs  for  folder  Top  Last  2  hours  igj)  Bandwidth  for  folder  Top  Last  2  hour* 


Default  Expansion 
Default  Folder 
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12:10  12:21  12:32  12:43  12:54  13:05  13:16  13:27  13:38  13:49  14:00 
Maximum  Av«r*9« 

is5  0  users  0.0  users 


12:10  12)21  12:32  12:43  12:54  13:05  13:16  13:27  13:38  13)49  1 
Maximum  Average 

j  [*3  Bit*  Per  Second  Out  2.0  kbps  1.6  kbps 
I  i*3  tBfir  Stcw.il.>  0.0  bps  0.0  bps 


1  year  ago 
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\  Modify  Devices 

Device  a 

\  Aruba 3600- US 
\  ProCurve-AP-530  Up 
^  ProCurve'AP-530-1  Up 
\  Proxim-4000-1 
\  Pr  oxim-4000-2 


Status  Users  BW  (kbps)  Uptime 
Up  0  0  8  d8ys  1  hr  0  mins 

0  1  2  days  23  hrs  2  mins 

0  1  2  days  23  hrs  6  mins 

0  0  1  day  23  hrs  41  mins 

0  0  2  days  18  hrs  41  mins 


Up 

Up 


Configuration  Group 

Good  Access  Points 

Mismatched  Access  Points 
Mismatched  Access  Points 
Mismatched  Access  Points 
Mismatched  Access  Points 


Controller  SSID 


First  Pa d*o 


802.11bg  ♦ 
802.11bg  ♦ 

Wireless  Network  802. 1 1  bg 
Wireless  Network  802. 11  bg 


AirWave’s  AMP  can  quickly  show  the  status  of  all  access  points  and  other  devices  under  its  management 
purview.  The  “Mismatched”  message  under  “Configuration”  is  a  warning  that  device  settings  do  not  match 
the  Template  for  the  Group.  This  can  be  repaired  by  altering  device  settings  directly,  or  by  changing  local 
policies  in  the  Template. 


Wireless 

continued  from  page  38 

entering  software  license  data;  we  were 
up  and  running  in  about  30  minutes. 

The  first  step  in  configuring  AMP  is 
defining  groups  so  that  members  of  a 
given  group  can  be  managed  together. 

Groups  have  associated  configuration 
templates,  which  allow  for  the  bulk  con¬ 
figuration  of  access  points,  and  we  left 
this  at  its  default  setting. 

The  next  step  was  to  get  all  of  our 
devices  entered  into  AMP  but  we  met 
with  only  limited  success.  AMP  can 
auto-discover  WLAN  elements  the  com¬ 
pany  lists  as  supported.  We  had  success 
in  auto-discovering  (but  not  auto-con¬ 
figuring)  the  stand-alone  access  points, 
but  the  Aruba  controller  required  a  little 
manual  tweaking,  the  problem  being 
traced  to  the  need  to  enter  an  SNMP 
community  string  and  authorization 
credentials  into  both  the  3600  and  AMP 
In  a  production  environment,  the  inven¬ 
tory  of  equipment  can  (and  most  likely  would)  be  entered  as  a 
batch  (via  a  .csv  file),  eliminating  any  variables  that  might  creep 
into  the  auto-discovery  process. 

Basic  configuration  (setting  static  IP  addresses,  SSIDs,  authoriza¬ 
tion  and  SNMP  information)  of  the  Proxim  and  HP  access  points 
and  the  Aruba  controller  had  to  be  performed  by  the  administrator 
before  connecting  these  elements  to  the  network,  as  we  found  that 
the  AirWave  platform  has  very  limited  ability  to  perform  basic  con¬ 
figuration  of  access  points.  After  basic  configuration  and  upon  dis¬ 
covery  by  AMP  the  system  informed  us  of  mismatched  configura¬ 
tion  parameters,  as  the  device  configuration  in  each  case  didn’t 
match  the  template.  Correcting  all  mismatches  again  generally 
required  direct  access  to  each  device. This  issue  could  also  be  cor¬ 


rected  via  modification  to  the  template,  assuming  such  was  accept¬ 
able  to  local  management  specifications  and  policies.  Note  “mis¬ 
matched”  is  more  of  a  warning  message  than  an  error,  as  our  net¬ 
work  still  operated  regardless. 

While  AirWave  technical  support  informed  us  that  it  is  working  to 
improve  this  element  of  the  product  (which  might,  for  example,  be 
addressed  by  something  as  simple  as  automated  login  via  the  com¬ 
mand-line  interface  or  Web  interface  on  each  device),  we  conclud¬ 
ed  that  AMP  is  much  better  suited  to  monitoring  and  reporting  func¬ 
tions  than  to  initial  configuration. 

And  AMP  really  shines  in  keeping  a  close  eye  on  the  WLAN  once 
all  managed  devices  have  been  configured  and  entered  into  the 

See  Wireless,  page  42 


USER  LAUDS  AIRWAVE  MULTTVENDOR  WLAN  MANAGEMENT 


eal  Shelton,  network  engi¬ 
neering  supervisor  for  the 
Fairfax  County  Public 
Schools  in  Virginia,  looks  to 
the  Airwave  Management 
Platform  to  help  him  deal 
with  the  daily  ups  and  downs  of  man¬ 
aging  the  district’s  8500  APs  that  com¬ 
prise  its  wireless  network. 

FCPS  has  a  classic  mixed-vendor 
installation,  with  a  combination  of 
Cisco  1121,  1131,  and  1300  access 
points  and  4402  controllers  and  Aruba 
AP  125  access  points  and  3300  con¬ 
trollers.  It  was  an  economical  reason 
for  bringing  the  Aruba  gear  into  the 
Cisco  mix —  the  Aruba  gear  costs  less 
—  and  because  FCPS  network  engi¬ 
neers  prefer  Aruba’s  802.11n  solution 
to  Cisco's. 

Shelton  says  FCPS  initially  turned  to 
AMP  for  a  wide  variety  of  reasons:  its 
easy  user  interface;  its  reporting  func¬ 


tionality  is  better  than  the  individual 
vendors;  its  ability  to  handle  future 
multi-vendor  solutions;  its  trou¬ 
bleshooting  client/access  point  capa¬ 
bilities;  its  configuration  control  and 
its  affordable  price. 

FCPS  does  not  use  Cisco's 
WCS  management  platform, 
which  would  be  the  default  for 
the  Cisco  gear,  noting  a  prob¬ 
lem  in  being  unable  to  man¬ 
age  large  groups  of  users.  On 
weekdays  during  the  school 
year,  it  is  not  unusual  to  have 
more  than  16,000  simultane¬ 
ous  wireless  users,  and  a 
platform  that  can  handle  that 
load  in  a  mixed-vendor  envi¬ 
ronment  was  at  the  top  of 
Shelton’s  list  of  require¬ 
ments. 

Among  the  many  tasks  he’s  delegat¬ 
ed  to  AMP  are  firmware  upgrades 


(including  converting  older  Cisco 
access  points  to  thin  mode),  rogue 
access  point  detection  and  general 
status  monitoring.  Shelton  keeps  the 
main  page  of  AMP  up  on  his  computer 
screen  at  all  times. 

Shelton  had  no  complaints 
regarding  AMP  overall,  giving 
the  product  special  kudos  for 
its  reliability  and  flexibility  in  a 
FCPS’s  very  challenging  oper¬ 
ational  environment.  But  he  did 
have  a  few  requests  for 
enhancements,  including  the 
ability  to  change  names  for 
multiple  access  points  from 
one  page  and  set  primary  and 
secondary  controllers  to  a  spe¬ 
cific  number  of  access  points 
so  that  load  balancing  can  be 
in  place.  He  also  cited  a  desire 
for  more  user-friendliness  —  in  gener¬ 
al,  mirroring  the  issues  we  noted  in 
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system.  The  main  page  of  the  GUI  (see  screenshot,  page  40)  shows  i 
network  status  —  across  all  access  points  and  controllers,  regardless  ; 
of  vendor  —  at  a  glance.  There’s  thus  no  need  to  fire  up  multiple  I 
incompatible  tools  from  multiple  vendors  and  attempt  to  monitor 
the  installation  is  what  otherwise  might  be  chaos  —  the  real  benefit  j 
from  using  AMP 

We  also  explored  monitoring  down  to  the  device  level,  using  charts  | 
that  showed  the  number  of  users  connected  to  and  average  bandwidth 
of  each  access  point  to  evaluate  overall  network  performance.The  flex¬ 
ibility  in  monitoring  and  reporting  on  whatever  might  be  of  interest 
across  vendor  WLAN  equipment  is  what  gives  AMP  its  true  value. 

Granted,  we  had  a  very  small  test  network,  but  easy  access  to  this  i 
information  can  be  critical  when  the  productivity  of  an  entire  organ-  i 
ization  is  on  the  line.  AMP  also  reported  when  access  points  went  I 
offline,  in  our  case  triggered  by  a  simple  unplugging  them. 

Diagnostic  capabilities  are  quite  broad  —  we  were  able  to  look  at  i 
access  point  performance,  for  example,  including  signal  quality,  : 
bandwidth, client  count  and  radio  parameters  like  retries  and  failures,  j 
Such  could  be  useful  in  low-level  troubleshooting,  which  is  often  : 
required  when  physical  changes  are  made  to  the  environment  —  a  j 
metal  cabinet  being  moved,  for  example. 

AMP  defines  nine  types  of  reports,  including:  Wireless  Network  j 
Usage,  Inventory  Uptime,  Device  Summary  Capacity  New  Rogue  : 
Devices,  Configuration  Audit,  New  User  and  User  Session.  All  of  these  ; 
can  be  scheduled  and  customized  as  desired.  A  detailed  event  log  is  I 
also,  as  expected,  part  of  the  package.  All  reporting  functionality  : 
worked  as  advertised. 

AMP  offers  two  optional  features  often  delivered  as  applications  : 
external  to  WLAN  management  tools:  RAPIDS,  which  detects  rogue  j 
access  points;  and  VisualRp  which  provides  location  and  mapping  : 
services.  We  found  RAPIDS  to  be  as  effective  as  other  rogue  detection  j 
systems  we  have  used,  allowing  multiple  filter  levels  and  simple  notifi-  ; 
cation  and  reporting. We  didn't  set  up  VisualRF  because  of  the  limited  ; 
scope  of  our  network,  but  such  functionality  is  very  valuable  in  identi-  i 
fying  the  location  of  failed  devices  and  in  evaluating  RF  coverage. 

In  terms  of  scalability,  AMP  includes  a  Master  Console  and  Failover  | 
Servers.  The  former  provides  top-level  visibility  for  multiple  AMP 
servers  (as  might  be  found  in  very  large  networks)  while  the  latter  | 
offers  a  degree  of  fault  tolerance.  AirWave  claims  support  for  multi-  ; 
architecture  (Wi-Fi, mesh  and  WiMAX)  configurations,  which  we  didn't 
test,  and  has  a  valuable  help  desk  function,  which  manages  trouble  i 
tickets  and  was  quite  useful  in  noting  issues  we  needed  to  resolve  dur-  j 
ing  testing. 

A  comprehensive  manual  is  included  (as  a  .pdf), but  the  lack  of  a  table  ; 
of  contents  or  an  index  makes  it  difficult  to  navigate.  As  we  generally  like  i 
to  do  in  equipment  tests,  we  conversed  with  Airwave’s  support  person-  j 
nel  via  both  e-mail  and  on  the  phone.  The  staff  was  highly  responsive,  i 
professional  and  very  helpful  in  dealing  with  our  questions,  mostly  relat-  : 
ing  to  initial  configuration  strategies  and  resolving  the  auto-discover  ; 
issue  noted  above. 

Still,  we’d  suggest  that  AirWave  add  a  concepts-and-facilities  | 
guide  to  AMP  to  its  catalog;  we  suspect  this  would  reduce  the  need  : 
to  contact  Tech  Support  just  to  get  running.  We’d  also  like  some-  j 
thing  along  the  line  of  wizards  to  help  with  basic  configuration 
tasks;  there’s  a  lot  of  switching  between  menus  and  pages  that  ; 
could  be  reduced  with  a  little  more  automation  or  at  least  consol-  : 
idation  of  command  pages.  j 

Analysis  and  conclusions 

Apart  from  the  limitations  in  configuration,  which  are  unlikely  to  be  ! 
critical  in  most  shops,  we  were  overall  impressed  with  the  Airwave  I 
Management  Platform.  It’s  easy  to  install  and  use,  quite  comprehen-  i 
sive  in  the  services  it  offers,  and  applicable  to  a  broad  range  of  WLAN  : 
products.  I 


PIECES  OF  THE  WLAN  MGMT 
PUZZLE  THAT  CANT  BE  SOLVED 
BY  WUN  GEAR  VENDORS 

Series  of  tests  proposed  to  assess 
ad-hoc  WLAN  mgmt.  tools 


AS 


BY  C.J.  MATHIAS,  FARPOINT  GROUP 

robust  as  they  are,  the  management  sys¬ 
tems  shipping  with  today's  wireless  LAN 
gear  are  only  part  of  the  whole  enterprise 
WLAN  management  picture.  Several 
classes  of  ad-hoc  tools  address  a  number 
of  broad  management  areas  that  may  not 
be  included  in  any  given  management  system  from  a 
WLAN  gear  vendor. 

The  most  common  adjunct  tools  are  designed  forWLAN 
assurance,  which  verify  WLAN  functions  and  provide 
independent  monitoring  of  the  network.The  best  known 
tools  here  are  from  AirMagnet  and  WildPackets 
(OmniPeek). 

But  there  are  many  others  ad  hoc  tools  that  provide  a 
broad  range  of  functions  help  administrators  keep  a 
thumb  on  the  pulse  of  their  WLAN  deployments,  many  of 
which  are  available  as  freeware  or  shareware.These 
include: 

■  Wi-Fi  discovery  tools  — These  are  the  descen¬ 
dants  of  the  original  hacking  tools  (remember  such 
amusements  as  Airsnort  and  WEPCrack?)  developed  to 
exploit  the  weaknesses  in  Wired  Equivalent  Privacy 
encryption. These  are  used  today  for  the  general  analysis 
ofWi-Fi  signals  in  a  given  location.  Examples  include 
NetStumbler  and  its  many  derivatives. 

■  Packet  capture  applications  -—These  are  analo¬ 
gous  to  the  packet  capture  "datascope”  tools  that  have 
been  available  on  wired  LANs  for  many  years,  and  are 
useful  for  protocol  analysis  and  troubleshooting.  A  couple 
of  examples  include  AitPcap  and  WireShark. 

■  Traffic  analyzers  — These  examine  the  real-time 
flow  of  packets  across  a  WLAN,  and  can  be  used  for 
bandwidth  allocation,  planning  and  performance  analysis. 
Examples  of  this  class  product  include  Kismet  and 
vxSniffer. 

■  Spectral  analyzers  — These  tools  operate  at  Layer 
1  of  the  OSI  model  and  are  used  to  analyze  the  radio  envi- 
ronment.They  are  particularly  useful  in  pre-deployment 
RF  sweeps  and  in  the  analysis  of  interference.  Cisco's 
Spectrum  Expert  technology  is  the  best  known  capability 
here,  and  is  embodied  in  a  number  of  OEM  products.  But 
MetaGeek's  Wi-Spy  also  is  available  and  a  less-expensive 
option. 

■  Site  survey  — These  applications  verify  coverage 
and  assist  in  the  placement  of  access  points.They  are 
usually  included  with  WLAN  products  and  management 
systems,  and  there's  some  debate  as  to  how  well  they 
really  consider  not  just  coverage,  but  performance. 
Examples  include  Helium  Networks'  SiteStumbler  and 
Wireless  Recon,  and  Motorola's  LANPIanner. 

Some  products  overlap  multiple  categories.  Over  the 
next  couple  of  months,  Network  World  will  be  publishing 
the  results  of  comparative  testing  from  each  of  these 
product  groupings.  Stay  tuned. 
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costs  savings  then  for  the  goal  of  reducing  cor¬ 
porate  carbon  footprints. 

“It’s  about  efficiency  as  much  as  it  is  about 
anything  else,”  said  Johna  Till  Johnson,  presi¬ 
dent  and  senior  founding  partner  of  Nemertes 
Research,  of  the  dual-pronged  impetus  for 
green  initiatives. 

The  drivers  are  there:  Most  servers  use  50%  of 
their  rated  power  even  when  idle,  so  they’re 
using  50%  of  electricity  but  doing  5%  work, 
Johnson  said. 

That  means  that  for  every  100  servers,  only 
five  are  in  use.  Turning  off  the  other  95 
would  result  in  47.5%  efficiency,  she  said.  In 
addition,  for  every  productive  dollar  gained 
from  servers,  almost  two  dollars  are  wasted 
in  UPS,  AC/DC  conversions  and  fans,  John¬ 
son  said. 

Even  so,  80%  of  companies  recently  surveyed 
by  Nemertes  have  no  corporate  green  policies; 
only  13%  knew  data  center  energy  costs;  only 
3%  turn  off  their  servers  when  not  in  use;  and 
desktops  are  left  on  50%  of  the  time. 

Miami-Dade’s  public  schools  started  a  green 


initiative  as  a  cost-saving  measure.  But  it 
required  the  cooperation  and  support  of  the 
faculty  and  students  at  each  school,  said  Paul 
Dunn,  senior  network  analyst  for  the  schools. 

“We  had  to  go  to  the  CFO  to  get  the  project 
and  funding  approved,”  he  said.  “We  were 
spending  $8  million  per  year  in  electricity  just 
to  keep  computers  going.  But  the  buy-in  had 
to  be  from  grass  roots,  the  school  sites.  Their 
cooperation  made  it  happen.  Kids  don’t  care 
about  saving  money  but  they  do  care  about 
green  initiatives.” 

Dunn  said  that  cooperation  will  help  the 
school  district  establish  custom  scheduling 
per  site  to  try  to  save  even  more  money  from 
energy  efficiency 


Johnson  said  green  IT  initiatives  have  to  start 
with  corporatewide  policies  or  mandates  to 
consolidate  IT  assets,  encourage  telecommut¬ 
ing  and  virtual  work,  establish  sustainable  sup¬ 
ply  chains,  and  recycling. 

Half  the  total  carbon  footprint  for  profes¬ 
sional  services  firm  KPMG’s  back-office 
campus  is  from  electricity,  and  half  of  that 
goes  to  power  the  data  center, says  the  firm’s 
CIO,  Rowan  Snyder.  “I’m  not  a  tree  hugger, 
but  it’s  a  significant  issue,”  said  Snyder,  who 
spoke  on  a  panel  about  the  status  of  IT  in 
corporations. 

If  IT  projects  don’t  actually  save  money, 
they’d  better  help  generate  some, says  Joanna 
Young,  CIO  of  insurance  company  Liberty 
Mutual,  who  spoke  on  the  same  panel.“There 
are  no  IT  projects  anymore,  there  are  busi¬ 
ness  projects.  The  question  we  always  ask  is, 
‘What  is  the  smallest  IT  investment  we  need 
to  make  to  have  this  [business  result]  happen 
for  you?’” 

As  Wall  Street  sagged,  she  clung  to  the  hope 
that  her  company  in  particular  might  be 
spared  some  of  the  stock-trading  volatility“We 
are  not  a  public  company,  which  might  be 
good  today’ she  said.B 


Knee-jerk  compliance  not  the  answer 


BY  TIM  GREENE 

NEW  YORK  —  Businesses  certified  to  be 
compliant  with  the  Payment  Card  Industry 
Data  Security  Standards  keep  suffering  data 
breaches,  but  the  problem  may  be  more  with 
the  way  businesses  address  the  requirements 
than  with  the  PCI  standard,  experts  told  an 
Interop  gathering. 

Retail  chain  Forever  21,  which  last  week  re 
vealed  that  nearly  99,000  customer  payment 
cards  may  have  been  compromised,  claimed 
it  was  PCI  compliant,  said  John  Pironti,  the 
chief  information  risk  strategist  for  Getronics. 

“They  claim  to  be  PCI  compliant,  Hanna- 
ford’s  [the  supermarket  chain  that  suffered  a 
data  breach]  claimed  to  be  PCI  compliant,” 
said  Pironti,  who  moderated  an  Interop  panel 
on  the  subject  of  compliance. 

But  those  firms  may  have  restricted  compli¬ 
ance  auditors’  access  to  areas  where  they 
thought  they  would  meet  standards,  said 
Jennifer  Mack,  vice  president  of  Master  Card 
Worldwide  and  a  member  of  the  PCI  Security 
Council. 

The  companies  may  have  submitted  their 
headquarters  to  review  by  a  qualified  security 
assessor  (QSA)  but  not  their  retail  stores,  for 
example,  Mack  said.  QSAs  also  are  hindered 
by  the  fact  that  they  can’t  require  changes  to 
meet  compliance.They  recommend  and  they 
can’t  do  much  more  than  that,”  she  said. 

Even  companies  that  do  try  to  comply  fully 
with  the  standards  may  not  wind  up  secure, 
Pironti  said.“Businesses  are  more  interested  in 
meeting  a  checklist  than  assessing  how  best  to 


secure  their  networks,”  he  said. 

Mack  agreed  that  businesses  also  need  to  do 
risk  assessments  to  make  sure  their  networks 
are  protected  and  that  blind  following  of  the 
standards  hasn’t  left  them  vulnerable.  But  the 
standards  are  still  important  to  get  corpora¬ 
tions  to  take  security  seriously  “If  the  checklist 
weren’t  there,  we  probably  wouldn’t  be  think¬ 
ing  about  some  of  these  things.  We  have  to 
pick  the  ones  that  fit  us  best,”  Mack  said. 

Jim  Routh,  CISO  of  Depository  Trust  Clear¬ 
ing,  which  processes  quadrillions  of  dollars  of 
financial  transactions  each  year,  said  each 
company  has  its  own  set  of  security  priorities 
that  need  to  be  thought  through.  Knee-jerk 
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compliance  won’t  work. 

Pironti  said  one  of  his  clients  diverted  funds 
from  projects  that  he  thought  would  make  his 
network  more  secure  in  order  to  encrypt  all 
customer  data  wherever  it  was  in  the  network. 
The  company  thought  the  risk  to  other  data 
was  outweighed  by  the  potential  blow  to  cor¬ 
porate  reputation  if  customer  data  were 
breached, he  said.  The  decision  was  prompted 
by  data-breach  disclosure  laws  that  say 
breaches  must  be  publicly  disclosed  only  if 
the  data  was  unencrypted  when  it  was  stolen. 
“Maybe  compliance  has  gone  too  far  when 
companies  need  a  foot  to  stand  on  in  the 
court  of  public  opinion,” Pironti  said.B 


University  Microfilm  lnt„  Periodical  Entry  Dept.,  300  Zebb  Road, 
Ann  Arbor,  Mich.  48106. 

PHOTOCOPYRIGHTS:  Permission  to  photocopy  for  internal  or 
personal  use  or  the  internal  or  personal  use  of  specific  clients  is 
granted  by  Network  World,  Inc.  for  libraries  and  other  users  regis¬ 
tered  with  the  Copyright  Clearance  Center  (CCC),  provided  that  the 
base  fee  of  $3.00  per  copy  of  the  article,  plus  50  cents  per  page  is 
paid  to  Copyright  Clearance  Center,  27  Congress  Street,  Salem, 
Mass,  01970, 

POSTMASTER:  Send  Change  of  Address  to  Network  World,  P.0 
Box  3090,  Northbrook,  IL  60065.  Canadian  Postmaster:  Please  return 
undeliverable  copy  to  PO  Box  1632,  Windsor,  Ontario  N9A7C9. 

%  Wbpa 

|Mr  T  IHTOMWnOWU.* 

Copyright  2008  by  Network  World,  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing  in  Network  World  is  forbidden 
without  written  permission. 

Reprints  (minimum  500  copies)  and  permission  to  reprint  may  be 
purchased  from  Reprint  Management  Services  at  (717)  399-1900 
x128  or  networkworld@reprintbuyer.com. 

USPS735-730 


44  •  SEPTEMBER  22,  2008  •  www.networkworld.com 


NFTWQRKWQRLD 

■  Editorial  Index 


■  1 

■  A 

IRM 

ID  19  1ft  91  99  9 A 

AdventNet _ 

_ 38 _ 

Intel 

in 

AirWave _ 

_ _ 36,  38,  40,  42 

Amazon _ 

_ 12_ 

■  K 

Apple _ 

_ 10,46 

Kensington 

32 

Aruba  Networks 
Avaya _ 


_38_ 

J1S_ 


LB 


Relkin 


32 


Bluesocket 


_33_ 


CasiCL 


8 


Gisr.o 

Citrix. 


10,12,18.  21,34,  40 

8 


Microsoft 

Motorola 

■  N 

Nortel 

Novell 

■  0 _ 


Oracle 


8,  18,  21,48 
_ 33_ 


12,  18 
_ 12_ 


10 


■J) _ 

Dell  _ 21 


■t _ 

EDS  ... _ 22. 


aji _ 

Google _ 10,  20,  32 


■  H _ 

HE _ 21,22,24 


■  s _ 

SAE _ 8_ 

Shoretel  _  18 

Sun  _ 46_ 


■  T _ 

Trapeze  Networks _ 33. 


■  V _ 

VeriSign_ 16 

Verizon_ 46 

VMware _ 8,  20,  21 


Advertiser  Index 


35_ 


1&1  Internet  AG 

30-31 

lanril.nnm 

NFC  ftnrp 

11 

www.npnus.nnm/npnip 

r.A  Inn 

_ 4 _ 

na.nnm/itg 

Network  Instruments  LLC 

41 

CDW  P.nrp 

.  9 

r.rlw.r.nm 

www.Nptwnrklnstmmpnts.nom/TimpTravel 

ClearOne  Cnmmunir.atinns  InrbFi 

Nptwnrk  Instriimpnts  1  1  P 

43 

www.netwnrkTAPs.nnm 

DNSsluff _ 

47 

DN.Sstiiff.nnm 

7 

www.nnvpll.nnm 

dtSearch  P.nrp 

43 

Ortrnnins 

39 

www.nrtrnnics.cnm/wi-jank 

Fatnn  P.nrp 

20  91 

43 

www.sprvprtpnh.nnm 

Extreme  Networks 

_ 13, 17 

www.Rxtremenetwnrks.mm 

Sony  Dorp 

37www.snny.cnm/stnraQerewards 

Hewlett  Packard 

IBM  Cnrp _ 

*IBM  f.orp _ 

“IBM  C.orp 
Micrnsoft  Cnrp _ 


_ 2J_ 

_ 26-27 

_ 26-27 

_ 1SL 


_ ihm.nnm/green/sna 

_ ihm.nnm/ihmamess 

mir.rnsnft  r.nm/wnip 


These  indexes  are  provided  as  a  reader  service,  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 
publisher  does  not  assume  liability  for  errors  or  omissions. 


•Indicates  Regional  Demographic 


S  International  Data  Group 

Chairman  of  the  Board ,  Patrick  J.  McGovern 

■  IDG  Communications,  Inc. 

CEO,  Bob  Carrigan 

Network  World  is  a  publication  of  IDG,  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information 
technology.  IDG  publishes  over  300  computer  publications 
in  85  countries.  One  hundred  million  people  read  one  or 
more  IDG  publications  each  month.  Network  World  con¬ 
tributes  to  the  IDG  News  Service,  offering  the  latest  on 
domestic  and  international  computer  news. 


Publicize  your  press  coverage  in  Network  World 
by  ordering  reprints  of  your  editorial  mentions. 
Reprints  make  great  marketing  materials  and 
are  available  in  quantities  of  500  and  up. To  order, 
contact  Reprint  Management  Services  at  (717) 
399-1900  x!28  or  E-mail:  networkworld@reprint- 
buyer.com. 


NetworkWorld 

Events  and  Executive  Forums 


Network  World  Events  and 
Executive  Forums  produces 
events  including  IT  Roadmap, 
DEMO  and  The  Security 
Standard.  For  complete  infor¬ 
mation  on  our  current  event  offerings,  call  us  at  800-643-4668  or 
go  to  www.networkworld.com/events. 


■  Network  World,  Inc. 

492  Old  Connecticut  Path,  Framingham,  MA  01701-9002 
Phone:  (508)  766-5301 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

CEO:  John  Gallant 
Publisher:  Dan  Hirsh 

ONLINE  SERVICES 

Vice  President/General  Manager:  Susan  Cardoza 
V.  R,  Audience/Partnership  Development:  Dan  Gallagher 
Director  of  Client  Services:  Jennifer  Moberg 

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Exec.V.  P.,  Events/Executive  Forums:  Neal  Silverman 
Vice  President,  Event  Sales:  Andrea  D'Amato 
V.  R,  Event  Marketing/Business  Dev.:  Mike  Garity 
Director  of  Event  Operations:  Dale  Fisher 

MARKETING 

Director  of  Marketing:  Donna  Pomponi 

AD  OPERATIONS 

Senior  Production  Manager:  JamiThompson 
Advertising  Coordinator:  Maro  Eremyan 

FINANCE 

Vice  President  Finance:  Mary  Fanning 

HUMAN  RESOURCES 

Director  of  Human  Resources:  Eric  Cormier 

CIRCULATION/SUBSCRIPTION 

Membership  Services  Specialist:  Judy  Cloutier 
Direct:  (508)  820-8117 

INFORMATION  SERVICES 

CIO:  W.  Michael  Draper 

Director  of  Systems  Development:  Tom  Kroon 

IDG  LIST  RENTAL  SERVICES 

Director  of  List  Management,  SteveTozeski 

Toll  free:  (800)  IDG-LIST  (US  only)/Direct:  (508)  370-0822 


■  Sales 


Vice  President/Associate  Publisher:  Sandra  Kupiec 

New  York/New  Jersey 

Elisa  Della  Rocco,  Regional  Account  Director 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 
(201)  634-2300/ FAX:  (201)  634-9286 

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
(610)  971-0808/FAX:  (201)  621-5095 

Midwest/Central 

Sandra  Kupiec,  Vice  President/Associate  Publisher 
(415)  243-4122/FAX:  (415)  267-4519 

Southeast 

Al  Schmidt,  Regional  Account  Director 
(972)  631-3730/FAX:  (972)  631-3993 
Enku  Gubaie,  Account  Manager 
(508)  460-3333/FAX:  (508)  460-1192 

Northern  California/Northwest 

Karen  Wilde,  Regional  Account  Director 
VanessaTormey,  Regional  Account  Director 
Coretta  Wright,  Regional  Account  Manager 
Katie  Layng,  District  Manager 
Hillary  Bullard,  Account  Executive 
(415)  243-4122/FAX:  (415)  267-4519 

Southwest/Rockies 

Katie  Layng,  District  Manager 
(415)  243-4122/FAX:  (415)  267-4519 

Online/Integrated  Solutions 

Debbie  Lovell,  Regional  Account  Director  Northeast 
Daniel  Hunt,  Account  Executive 
(508)  766-5301/FAX:  (508)  766-5320 

■  EVENT  SALES 

Kevin  Hause,  Sr.  Director,  Global  Sales,  DEMO 
Michael  McGoldrick,  Regional  Account  Director 
Grace  Moy,  Regional  Account  Director 
Jennifer  Sand,  Regional  Account  Director 
Leilani  Hammock,  Sales  Representative 
(508)  766-5301/FAX:  (508)  766-5327 


www.networkworld.com  •  SEPTEMBER  22,  2008  •  45 


Food,  vampires  and  IT 

F 


Mark  Gibbs 


618"  ried  Apple  iPie:  A  warm,  delicious 

i  crispy  fried  apple  pie  with  just  a  hint  of 
cinnamon,  smothered  in  rich  vanilla 
ice  cream  and  topped  with  an  edible  iPod-like 
MP3  player  and  whipped  cream.  Real  ear- 
BACKSPIN  phones  complete  this  tasty  iPie  experience!” — 
2008  State  Fair  of  Texas  New  Food  Locator 
The  Fried  Apple  iPie  didn’t  win  a  Big  Tex 
Choice  Award.  Best  Tasting  went  to  Chicken 
Fried  Bacon  (“Thick  and  peppery  Farm  Pac  bacon  is  seasoned,  double- 
dipped  in  a  special  batter  and  breading  and  then  deep-fried: Served 
with  a  creamy  side  of  ranch  or  honey  mustard  sauce”),  while  the  Most 
Creative  award  went  to  “Fried  Banana  Split.” 

Who  are  these  people?  Why  are  they  trying  to  seduce  us  with  these 
insane  foods?  And  who  really  needs  or  can  survive  eating  Texas  Fried 
Jelly  Belly  Beans,  Deep  Fried  S’ mores,  Fried  Chocolate  Truffles  or 
Chocolate-Covered  Strawberry  Waffle  Balls? 

These  vendors  are  like  vampires,  seducing  us  with  forbidden  delights 
so  they  can  drain  our  money  They  are  just  another  part  of  what  you 
might  think  of  as  the  vampire  economy 

Vampires  have  certain  attributes  that  make  them  fascinating: They  are 
powerful,  mysterious,  can’t  tolerate  light  (a  metaphor  for  not  being 
revealed),  lure  and  seduce  victims  through  visceral  offerings,  and  are 
extremely  hard  to  destroy  Those  are  also  the  attributes  of  the  vampire 
economy 

Take,  for  example,  the  cell  phone  companies. You  want  a  cell  phone? 
They  are  just  waiting  to  seduce  you.  And  you’re  not  going  to  get  just  a 
phone,  you’ll  also  get  a  camera,  a  diary  an  MP3  player,  a  blender,  a 
chainsaw  —  a  whole  load  of  things  above  and  beyond  a  phone,  and 
they  lure  you  into  wanting  all  these  features. 


But  the  vampiric  perfidity  doesn’t  stop  there.  Nope,  they  give  you  all 
that  at  a  really  low  cost,  and  then  they  lock  you  in  to  a  long-term  con¬ 
tract  with  no  real  service  guarantees. They  get  their  fangs  into  you  and 
then  offer  you  a  new  phone  to  hook  you  with  a  contract  extension. 
They  are  pure  evil. 

But  the  cell  phone  companies  aren’t  alone  in  this  kind  of  evil.  Oh  no, 
there’s  Cisco, Microsoft, Apple, Sun  ...  all  of  the  really  big  names  in  IT. 
They  seduce  you  with  complex,  mysterious  products  you  really  need, 
and  by  the  time  you’ve  mastered  them  and  know  how  to  make  them 
work, you  know  too  much.You  can’t  leave  them  and  they’ll  do  their 
best  to  make  sure  you  won’t  and  don’t.  Like  Bram  Stoker’s  Lucy 
Westenra,  you’re  hooked  and  you  can’t  get  away  without  paying  a  terri¬ 
ble  price. 

Oddly  enough,  even  open  source  products  have  similar  conse¬ 
quences  if  they  find  a  home  in  the  strategic  backbone  of  your  enter¬ 
prise.  Once  you  succumb  to  their  blandishments,  that’s  it  —  you  are  in 
their  clutches. 

So,  how  do  you  end  this  fateful  entanglement?  With  vampires,  it’s 
exposing  them  to  sunlight  or  a  stake  through  the  heart.  Well,  in  IT 
that’s  been  tried.  For  example,  consider  Microsoft.  It  was  exposed 
to  the  light  through  the  legal  processes  of  the  European  Union 
and  a  financial  stake  was  waved  at  it,  but  to  no  avail. 

Technological  vampires  appear  to  be  a  lot  more  powerful  than 
the  fictional  kind. 

Nope,  whether  you’re  in  the  IT  world  trying  to  build  infrastructure  or 
at  the  State  Fair  of  Texas  trying  to  find  lunch, you’ll  find  it  hard  not  to 
be  seduced  by  evil.  At  least  after  the  fair  you  can  go  on  a  diet. 

Gibbs  is  surrounded  by  garlic  in  Ventura,  Calif.  Prayers  to  ward  off  evil 
to  backspin@gibbs.com. 


Verizon  robo-caller  torments  my  family 


NET  UZZ 

News,  Insights,  oddities 


Nine  robo-calls  in  24  hours,  all  from  Verizon: 
Nothing  could  make  them  stop;  not  my 
wife’s  increasingly  urgent  pleas  (I  was 
away);  not  the  hapless  customer  service  reps 
who  promised  relief;  not  the  “in-charge  supervi¬ 
sor”  who  wasn’t  in  charge;  and  not  even  the 
ever-so-helpful  individual  who  said, “We ’re  sug¬ 
gesting  that  people  just  unplug  their  phones.” 

Unplug  our  phones?  How  about  you  unplug 
your  bloody  robo-caller? 

And  here’s  the  most  amusing  part: Verizon’s  rogue  motor-mouth  was 
calling  —  nine  times  —  to  inquire  as  to  the  McNamara  family’s  satis¬ 
faction  level  with  recent  Verizon  customer  service.  (If  only  the  options 
had  included, “Press  4  for ‘stop  asking.’11) 

About  1,400  FiOS  and  DSL  customers  —  all  in  New  England  — 
endured  a  similar  fate, Verizon  says.  We’ll  get  to  the  company’s  explana¬ 
tion  right  after  the  gory  details. 

The  first  call  came  at  1:49  p.m.on  Sept.  9.  Recognizing  it  as  a  robo 
and  being  busy,  Julie  just  hung  up.  Fly  swatted.  Kids  will  be  home  from 
school  soon. 

Second  call  at  3:34  p.m.  Answered,  hung  up. Third  at  5:22. 

By  the  6:28  call  it  had  become  clear  the  onslaught  was  not  going  to 
stop  of  its  own  accord, so  Julie  set  about  probing  the  mechanical  mon¬ 
ster’s  outer  defenses. This  meant  wading  through  a  labyrinth  of  prompts 
—  there  was  no  upfront  option  to  speak  to  a  representative  —  fol¬ 
lowed  by  the  obligatory  20-minute  wait  on  hold. 

Reward:  Plenty  of  sympathy;  no  help. 

The  9:09  call  got  her  back  on  the  line  with  yet  another  kind  but  use¬ 
less  Verizon  employee.“He  apologized  —  everyone  I  spoke  with  apolo¬ 
gized,”  she  would  tell  me  later.  “And  they  all  said  the  calls  would  stop.” 
The  10:23  call  served  as  punishment  for  her  having  had  the  audacity 


to  fall  asleep. 

The  1 1:40  earned  her  the  attention  of  that  supervisor  in  the  Dallas 
Fiber  Solution  Center,  which,  as  Julie  pointed  out  later,  is  “ill-named,”  at 
least  in  terms  of  offering  a  solution  to  this  problem. 

That  would  be  it  for  this  night.  She  unplugged  the  phone. 

Next  day?  First  call,  10: 12;  second  —  and  final  of  the  nine  —  at  12:59. 
Julie  answered  neither.  Who  would? 

“I  hate  Verizon,”  she  wrote  in  an  e-mail  to  me.  Who  wouldn’t?  (And  it’s 
not  as  though  this  is  our  first  spot  of  trouble  with  FiOS.) 

Back  in  the  office  on  Thursday,  I  contacted  Verizon  to  find  out  why 
they  made  my  wife’s  life  so  miserable.  According  to  company 
spokesman  Bill  Kula,who  also  apologized, “a  hardware  glitch”  resulted 
in  a  stream  of  faulty  customer  info  being  sent  to  a  third-party  vendor 
that  makes  the  robo-calls.  The  1,400  victims  who  received  the  calls, 
including  my  wife,  were  targeted  because  they  had  logged  service  calls 
the  day  before  the  glitch  (our  Verizon-issued  router  had  died  —  again; 
we’re  on  router  No.  3  in  two-plus  years  of  FiOS). The  calls  are  standard 
operating  procedure  designed  to  gauge  the  effectiveness  ofVerizon 
customer  service. The  “glitch”  resulted  in  multiple  requests  per  cus¬ 
tomer  for  such  calls,  each  with  a  different  time  attached  to  it,  which  the 
robo-caller,  being  a  robo-caller,  faithfully  executed. 

As  for  the  rep  who  suggested  just  yanking  the  phone  out  of  the  wall? 

“That  wasn’t  the  best  advice,”  Kula  says. 

I  asked  him  why  the  problem  took  so  long  to  fix  and  why  they  didn’t 
take  more  drastic  action  sooner. 

“We  did  take  drastic  action,”  he  says.“We  contacted  the  vendor  and 
had  the  system  disconnected  so  additional  calls  did  not  take  place.” 

In  other  words,  they  did  unplug  the  bloody  robo-caller.  Just  took  their 
sweet  time. 

Have  a  robo-tale  of  your  own?  The  address  is  buzz@nww.com. 
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